Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities

2022-10-11T18:01:00

Description

![Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities](https://blog.talosintelligence.com/content/images/2022/10/patch-tuesday.png) Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company's hardware and software line, including seven critical issues in Windows' point-to-point tunneling protocol. October's security update features 11 critical vulnerabilities, with the remainder being "important." One of the most notable vulnerabilities Microsoft fixed this month is [CVE-2022-41038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41038>), a remote code execution issue in Microsoft SharePoint. There are several other SharePoint vulnerabilities included in this month's Patch Tuesday, though this seems the most severe, as Microsoft continues it to be "more likely" to be exploited. An attacker must be authenticated to the target site with the correct permissions to use manage lists in SharePoint to exploit this vulnerability, and eventually gain the ability to execute remote code on the SharePoint server. [CVE-2022-37968](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37968>), an elevation of privilege vulnerability in Azure Arc Connect, has the highest severity score out of all the vulnerabilities Microsoft fixed this month -- a maximum 10 out of 10. Successful exploitation of this vulnerability, which affects the cluster connect feature of Azure Arc-enabled Kubernetes clusters, could allow an unauthenticated user to elevate their privileges as cluster admins and potentially gain control over the Kubernetes cluster. [CVE-2022-37976](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37976>) and [CVE-2022-37979](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37979>) are also critical elevation of privilege vulnerabilities in Windows Active Directory and Hyper-V, respectively. The Windows' point-to-point tunneling protocol, which is a network protocol used to create VPN tunnels between public networks, contains eight vulnerabilities that Microsoft disclosed Tuesday, seven of which are rated "critical" severity: * [CVE-2022-22035](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22035>) * [CVE-2022-24504](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24504>) * [CVE-2022-30198](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30198>) * [CVE-2022-33634](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33634>) * [CVE-2022-38000](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38000>) * [CVE-2022-38047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38047>) * [CVE-2022-41081](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41081>) CVE-2022-38000 is the most serious among the group with a severity rating of 9. An attacker could successfully exploit this issue to launch remote code at the remote server. Microsoft Office and Word also contain critical remote code execution vulnerabilities. These are usually popular targets for adversaries, as they are one of the most popular pieces of software in the world and can be exploited just by tricking a user into opening a specially crafted document: * [CVE-2022-38048](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38048>) * [CVE-2022-38049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41031>) * [CVE-2022-41031](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41032>) Microsoft has also included 12 vulnerabilities in Google Chromium, the open-source web browser that is the basis for Microsoft's Edge browser. Google has already disclosed and fixed these issues, so users do not need to take any additional steps to implement patches: * CVE-2022-3304 * CVE-2022-3307 * CVE-2022-3308 * CVE-2022-3310 * CVE-2022-3311 * CVE-2022-3313 * CVE-2022-3315 * CVE-2022-3316 * CVE-2022-3317 * CVE-2022-3370 * CVE-2022-3373 * CVE-2022-41035 A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page. In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. The rules included in this release that protect against the exploitation of many of these vulnerabilities are 60693 - 60696, 60698 - 60701, 60706, 60701 - 60705, 60708 and 60709. There are also Snort 3 SIDs 300290 - 300296, 300297 and 300298.

{"id": "TALOSBLOG:C8DF1717F356AEFC758F655905BAF595", "vendorId": null, "type": "talosblog", "bulletinFamily": "blog", "title": "Microsoft Patch Tuesday for October 2022 \u2014 Snort rules and prominent vulnerabilities", "description": "![Microsoft Patch Tuesday for October 2022 \u2014 Snort rules and prominent vulnerabilities](https://blog.talosintelligence.com/content/images/2022/10/patch-tuesday.png)\n\nMicrosoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company's hardware and software line, including seven critical issues in Windows' point-to-point tunneling protocol.\n\nOctober's security update features 11 critical vulnerabilities, with the remainder being "important."\n\nOne of the most notable vulnerabilities Microsoft fixed this month is [CVE-2022-41038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41038>), a remote code execution issue in Microsoft SharePoint. There are several other SharePoint vulnerabilities included in this month's Patch Tuesday, though this seems the most severe, as Microsoft continues it to be "more likely" to be exploited.\n\nAn attacker must be authenticated to the target site with the correct permissions to use manage lists in SharePoint to exploit this vulnerability, and eventually gain the ability to execute remote code on the SharePoint server.\n\n[CVE-2022-37968](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37968>), an elevation of privilege vulnerability in Azure Arc Connect, has the highest severity score out of all the vulnerabilities Microsoft fixed this month -- a maximum 10 out of 10. Successful exploitation of this vulnerability, which affects the cluster connect feature of Azure Arc-enabled Kubernetes clusters, could allow an unauthenticated user to elevate their privileges as cluster admins and potentially gain control over the Kubernetes cluster.\n\n[CVE-2022-37976](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37976>) and [CVE-2022-37979](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37979>) are also critical elevation of privilege vulnerabilities in Windows Active Directory and Hyper-V, respectively.\n\nThe Windows' point-to-point tunneling protocol, which is a network protocol used to create VPN tunnels between public networks, contains eight vulnerabilities that Microsoft disclosed Tuesday, seven of which are rated "critical" severity:\n\n * [CVE-2022-22035](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22035>)\n * [CVE-2022-24504](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24504>)\n * [CVE-2022-30198](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30198>)\n * [CVE-2022-33634](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33634>)\n * [CVE-2022-38000](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38000>)\n * [CVE-2022-38047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38047>)\n * [CVE-2022-41081](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41081>)\n\nCVE-2022-38000 is the most serious among the group with a severity rating of 9. An attacker could successfully exploit this issue to launch remote code at the remote server.\n\nMicrosoft Office and Word also contain critical remote code execution vulnerabilities. These are usually popular targets for adversaries, as they are one of the most popular pieces of software in the world and can be exploited just by tricking a user into opening a specially crafted document:\n\n * [CVE-2022-38048](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38048>)\n * [CVE-2022-38049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41031>)\n * [CVE-2022-41031](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41032>)\n\nMicrosoft has also included 12 vulnerabilities in Google Chromium, the open-source web browser that is the basis for Microsoft's Edge browser. Google has already disclosed and fixed these issues, so users do not need to take any additional steps to implement patches:\n\n * CVE-2022-3304\n * CVE-2022-3307\n * CVE-2022-3308\n * CVE-2022-3310\n * CVE-2022-3311\n * CVE-2022-3313\n * CVE-2022-3315\n * CVE-2022-3316\n * CVE-2022-3317\n * CVE-2022-3370\n * CVE-2022-3373\n * CVE-2022-41035\n\nA complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page.\n\nIn response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.\n\nThe rules included in this release that protect against the exploitation of many of these vulnerabilities are 60693 - 60696, 60698 - 60701, 60706, 60701 - 60705, 60708 and 60709. There are also Snort 3 SIDs 300290 - 300296, 300297 and 300298.", "published": "2022-10-11T18:01:00", "modified": "2022-10-11T18:01:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 6.0}, "href": "https://blog.talosintelligence.com/microsoft-patch-tuesday-for-october/", "reporter": "Jonathan Munshaw", "references": [], "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-3304", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3313", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-33634", "CVE-2022-3370", "CVE-2022-3373", "CVE-2022-37968", "CVE-2022-37976", "CVE-2022-37979", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-38048", "CVE-2022-38049", "CVE-2022-41031", "CVE-2022-41032", "CVE-2022-41035", "CVE-2022-41038", "CVE-2022-41081"], "immutableFields": [], "lastseen": "2022-11-03T15:20:29", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:6911", "ALSA-2022:6912"]}, {"type": "avleonov", "idList": ["AVLEONOV:58634A9ABF4922115976139024831EB9"]}, {"type": "chrome", "idList": ["GCSA-2051179631675359832", "GCSA-8820382610464526564"]}, {"type": "cve", "idList": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-3304", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3313", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-33634", "CVE-2022-3370", "CVE-2022-3373", "CVE-2022-37968", "CVE-2022-37976", "CVE-2022-37979", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-38048", "CVE-2022-38049", "CVE-2022-38053", "CVE-2022-41031", "CVE-2022-41032", "CVE-2022-41035", "CVE-2022-41036", "CVE-2022-41037", "CVE-2022-41038", "CVE-2022-41081"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5244-1:E42C3", "DEBIAN:DSA-5245-1:D4746"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-3304", "DEBIANCVE:CVE-2022-3307", "DEBIANCVE:CVE-2022-3308", "DEBIANCVE:CVE-2022-3310", "DEBIANCVE:CVE-2022-3311", "DEBIANCVE:CVE-2022-3313", "DEBIANCVE:CVE-2022-3315", "DEBIANCVE:CVE-2022-3316", "DEBIANCVE:CVE-2022-3317", "DEBIANCVE:CVE-2022-3370", "DEBIANCVE:CVE-2022-3373", "DEBIANCVE:CVE-2022-41032"]}, {"type": "freebsd", "idList": ["18529CB0-3E9C-11ED-9BC7-3065EC8FD3EC", "D459C914-4100-11ED-9BC7-3065EC8FD3EC"]}, {"type": "gentoo", "idList": ["GLSA-202210-16"]}, {"type": "github", "idList": ["GHSA-G3Q9-XF95-8HP5"]}, {"type": "kaspersky", "idList": ["KLA19267", "KLA19999", "KLA20000", "KLA20001", "KLA20002", "KLA20004", "KLA20005"]}, {"type": "krebs", "idList": ["KREBS:04BF4A7775A9C0B7DE1A20C71586245A"]}, {"type": "mageia", "idList": ["MGASA-2022-0357"]}, {"type": "mscve", "idList": ["MS:CVE-2022-22035", "MS:CVE-2022-24504", "MS:CVE-2022-30198", "MS:CVE-2022-3304", "MS:CVE-2022-3307", "MS:CVE-2022-3308", "MS:CVE-2022-3310", "MS:CVE-2022-3311", "MS:CVE-2022-3313", "MS:CVE-2022-3315", "MS:CVE-2022-3316", "MS:CVE-2022-3317", "MS:CVE-2022-33634", "MS:CVE-2022-3370", "MS:CVE-2022-3373", "MS:CVE-2022-37968", "MS:CVE-2022-37976", "MS:CVE-2022-37979", "MS:CVE-2022-38000", "MS:CVE-2022-38047", "MS:CVE-2022-38048", "MS:CVE-2022-38049", "MS:CVE-2022-38053", "MS:CVE-2022-41031", "MS:CVE-2022-41032", "MS:CVE-2022-41035", "MS:CVE-2022-41036", "MS:CVE-2022-41037", "MS:CVE-2022-41038", "MS:CVE-2022-41081"]}, {"type": "mskb", "idList": ["KB5002026", "KB5002278", "KB5002279", "KB5002283", "KB5002284", "KB5002287", "KB5002288", "KB5002290", "KB5018410", "KB5018411", "KB5018418", "KB5018421", "KB5018457", "KB5018474", "KB5018476", "KB5018478", "KB5019349", "KB5019351"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-5244.NASL", "DEBIAN_DSA-5245.NASL", "FREEBSD_PKG_18529CB03E9C11ED9BC73065EC8FD3EC.NASL", "FREEBSD_PKG_D459C914410011ED9BC73065EC8FD3EC.NASL", "GENTOO_GLSA-202210-16.NASL", "GOOGLE_CHROME_106_0_5249_61.NASL", "GOOGLE_CHROME_106_0_5249_91.NASL", "MACOSX_GOOGLE_CHROME_106_0_5249_61.NASL", "MACOSX_GOOGLE_CHROME_106_0_5249_91.NASL", "MACOS_MS22_OCT_OFFICE.NASL", "MACOS_MS22_OCT_VISUAL_STUDIO.NASL", "MICROSOFT_EDGE_CHROMIUM_106_0_1370_34.NASL", "ORACLELINUX_ELSA-2022-6911.NASL", "ORACLELINUX_ELSA-2022-6912.NASL", "ORACLELINUX_ELSA-2022-6913.NASL", "REDHAT-RHSA-2022-6911.NASL", "REDHAT-RHSA-2022-6912.NASL", "REDHAT-RHSA-2022-6913.NASL", "REDHAT-RHSA-2022-6914.NASL", "REDHAT-RHSA-2022-6915.NASL", "SMB_NT_MS22_OCT_5018410.NASL", "SMB_NT_MS22_OCT_5018411.NASL", "SMB_NT_MS22_OCT_5018418.NASL", "SMB_NT_MS22_OCT_5018419.NASL", "SMB_NT_MS22_OCT_5018421.NASL", "SMB_NT_MS22_OCT_5018425.NASL", "SMB_NT_MS22_OCT_5018446.NASL", "SMB_NT_MS22_OCT_5018476.NASL", "SMB_NT_MS22_OCT_5018478.NASL", "SMB_NT_MS22_OCT_5018479.NASL", "SMB_NT_MS22_OCT_DOTNET_CORE.NASL", "SMB_NT_MS22_OCT_OFFICE.NASL", "SMB_NT_MS22_OCT_OFFICE_SHAREPOINT_2013.NASL", "SMB_NT_MS22_OCT_OFFICE_SHAREPOINT_2016.NASL", "SMB_NT_MS22_OCT_OFFICE_SHAREPOINT_2019.NASL", "SMB_NT_MS22_OCT_OFFICE_SHAREPOINT_SUBSCR.NASL", "SMB_NT_MS22_OCT_VISUAL_STUDIO.NASL", "SMB_NT_MS22_OCT_WORD_C2R.NASL", "UBUNTU_USN-5670-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-6911", "ELSA-2022-6912", "ELSA-2022-6913"]}, {"type": "osv", "idList": ["OSV:DSA-5244-1", "OSV:DSA-5245-1", "OSV:GHSA-G3Q9-XF95-8HP5"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:F062F85432853297A014064EA7A5C183"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:B37CF2E44EB6AA38B417BB09297CD3E1"]}, {"type": "redhat", "idList": ["RHSA-2022:6911", "RHSA-2022:6912", "RHSA-2022:6913", "RHSA-2022:6914", "RHSA-2022:6915"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-41032"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:10138-1", "OPENSUSE-SU-2022:10139-1"]}, {"type": "talosblog", "idList": ["TALOSBLOG:E5CB52FAF6F4E4360A360412C9377097", "TALOSBLOG:FC6B0635136460B7A28F081107A8712E"]}, {"type": "thn", "idList": ["THN:0521233945B9471C64D546BD2B006823"]}, {"type": "ubuntu", "idList": ["USN-5670-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-3304", "UB:CVE-2022-3307", "UB:CVE-2022-3308", "UB:CVE-2022-3310", "UB:CVE-2022-3311", "UB:CVE-2022-3313", "UB:CVE-2022-3315", "UB:CVE-2022-3316", "UB:CVE-2022-3317", "UB:CVE-2022-3370", "UB:CVE-2022-3373", "UB:CVE-2022-41032"]}, {"type": "veracode", "idList": ["VERACODE:37457", "VERACODE:37458", "VERACODE:37461", "VERACODE:37462", "VERACODE:37463", "VERACODE:37466", "VERACODE:37468", "VERACODE:37469", "VERACODE:37471", "VERACODE:37472", "VERACODE:37473", "VERACODE:37538"]}, {"type": "zdi", "idList": ["ZDI-22-1411"]}]}, "score": {"value": -0.0, "vector": "NONE"}, "epss": [{"cve": "CVE-2022-22035", "epss": "0.006120000", "percentile": "0.754370000", "modified": "2023-03-20"}, {"cve": "CVE-2022-24504", "epss": "0.006120000", "percentile": "0.754370000", "modified": "2023-03-20"}, {"cve": "CVE-2022-30198", "epss": "0.006120000", "percentile": "0.754370000", "modified": "2023-03-20"}, {"cve": "CVE-2022-3304", "epss": "0.000620000", "percentile": "0.243790000", "modified": "2023-03-20"}, {"cve": "CVE-2022-3307", "epss": "0.000620000", "percentile": "0.243790000", "modified": "2023-03-20"}, {"cve": "CVE-2022-3308", "epss": "0.000660000", "percentile": "0.270980000", "modified": "2023-03-20"}, {"cve": "CVE-2022-3310", "epss": "0.000480000", "percentile": "0.147920000", "modified": "2023-03-20"}, {"cve": "CVE-2022-3311", "epss": "0.000870000", "percentile": "0.355680000", "modified": "2023-03-20"}, {"cve": "CVE-2022-3313", "epss": "0.000610000", "percentile": "0.239860000", "modified": "2023-03-20"}, {"cve": "CVE-2022-3315", "epss": "0.000620000", "percentile": "0.245820000", "modified": "2023-03-20"}, {"cve": "CVE-2022-3316", "epss": "0.000610000", "percentile": "0.238540000", "modified": "2023-03-20"}, {"cve": "CVE-2022-3317", "epss": "0.000610000", "percentile": "0.238540000", "modified": "2023-03-20"}, {"cve": "CVE-2022-33634", "epss": "0.006120000", "percentile": "0.754370000", "modified": "2023-03-20"}, {"cve": "CVE-2022-3370", "epss": "0.000620000", "percentile": "0.243790000", "modified": "2023-03-20"}, {"cve": "CVE-2022-3373", "epss": "0.000620000", "percentile": "0.245820000", "modified": "2023-03-20"}, {"cve": "CVE-2022-37968", "epss": "0.002280000", "percentile": "0.592370000", "modified": "2023-03-20"}, {"cve": "CVE-2022-37976", "epss": "0.000660000", "percentile": "0.267840000", "modified": "2023-03-20"}, {"cve": "CVE-2022-37979", "epss": "0.000440000", "percentile": "0.078860000", "modified": "2023-03-20"}, {"cve": "CVE-2022-38000", "epss": "0.006120000", "percentile": "0.754370000", "modified": "2023-03-20"}, {"cve": "CVE-2022-38047", "epss": "0.006120000", "percentile": "0.754370000", "modified": "2023-03-20"}, {"cve": "CVE-2022-38048", "epss": "0.001140000", "percentile": "0.434400000", "modified": "2023-03-20"}, {"cve": "CVE-2022-38049", "epss": "0.001130000", "percentile": "0.432610000", "modified": "2023-03-20"}, {"cve": "CVE-2022-41031", "epss": "0.001130000", "percentile": "0.432610000", "modified": "2023-03-20"}, {"cve": "CVE-2022-41032", "epss": "0.000480000", "percentile": "0.145440000", "modified": "2023-03-20"}, {"cve": "CVE-2022-41035", "epss": "0.000930000", "percentile": "0.382400000", "modified": "2023-03-20"}, {"cve": "CVE-2022-41038", "epss": "0.003830000", "percentile": "0.688320000", "modified": "2023-03-20"}, {"cve": "CVE-2022-41081", "epss": "0.021420000", "percentile": "0.874950000", "modified": "2023-03-20"}], "vulnersScore": -0.0}, "_state": {"dependencies": 1667489119, "score": 1667492674, "epss": 1679338714}, "_internal": {"score_hash": "1aeee211c56d7362d23af7bc91010fb4"}}

{"talosblog": [{"lastseen": "2022-10-11T22:01:10", "description": "## \n\n\n[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvXCye060I61J31UBGmMV_5mqpTAh7foLGLne5aFYWIlZxCq7d8e_XxLW4m5G4EkBKWilGIuCD11duEEi2wgeW9F8SYYge1DnORfNaWkMedRFv29r_49ir-uGKu95M0_ovbo_Ppn3_AKlrA4sTtLUxIFV2sqiaH2G2sqQW39peOSAgNqbOetUWnyW4/s16000/recurring%20blog%20images_patch%20tuesday.jpg)](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvXCye060I61J31UBGmMV_5mqpTAh7foLGLne5aFYWIlZxCq7d8e_XxLW4m5G4EkBKWilGIuCD11duEEi2wgeW9F8SYYge1DnORfNaWkMedRFv29r_49ir-uGKu95M0_ovbo_Ppn3_AKlrA4sTtLUxIFV2sqiaH2G2sqQW39peOSAgNqbOetUWnyW4/s1001/recurring%20blog%20images_patch%20tuesday.jpg>)\n\n \n_ \n_\n\n_By Jon Munshaw and Vanja Svajcer._\n\nMicrosoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company\u2019s hardware and software line, including seven critical issues in Windows\u2019 point-to-point tunneling protocol. \n\nOctober's security update features 11 critical vulnerabilities, with the remainder being \u201cimportant.\u201d \n\nOne of the most notable vulnerabilities Microsoft fixed this month is [CVE-2022-41038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41038>), a remote code execution issue in Microsoft SharePoint. There are several other SharePoint vulnerabilities included in this month\u2019s Patch Tuesday, though this seems the most severe, as Microsoft continues it to be \u201cmore likely\u201d to be exploited. \n\nAn attacker must be authenticated to the target site with the correct permissions to use manage lists in SharePoint to exploit this vulnerability, and eventually gain the ability to execute remote code on the SharePoint server. \n\n[CVE-2022-37968](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37968>), an elevation of privilege vulnerability in Azure Arc Connect, has the highest severity score out of all the vulnerabilities Microsoft fixed this month \u2014 a maximum 10 out of 10. Successful exploitation of this vulnerability, which affects the cluster connect feature of Azure Arc-enabled Kubernetes clusters, could allow an unauthenticated user to elevate their privileges as cluster admins and potentially gain control over the Kubernetes cluster. \n\n[CVE-2022-37976](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37976>) and [CVE-2022-37979](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37979>) are also critical elevation of privilege vulnerabilities in Windows Active Directory and Hyper-V, respectively. \n\nThe Windows\u2019 point-to-point tunneling protocol, which is a network protocol used to create VPN tunnels between public networks, contains eight vulnerabilities that Microsoft disclosed Tuesday, seven of which are rated \u201ccritical\u201d severity: \n\n * [CVE-2022-22035](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22035>)\n * [CVE-2022-24504](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24504>) \n * [CVE-2022-30198](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30198>) \n * [CVE-2022-33634](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33634>) \n * [CVE-2022-38000](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38000>) \n * [CVE-2022-38047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38047>) \n * [CVE-2022-41081](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41081>) \n\nCVE-2022-38000 is the most serious among the group with a severity rating of 9. An attacker could successfully exploit this issue to launch remote code at the remote server. \n\nMicrosoft Office and Word also contain critical remote code execution vulnerabilities. These are usually popular targets for adversaries, as they are one of the most popular pieces of software in the world and can be exploited just by tricking a user into opening a specially crafted document: \n\n * [CVE-2022-38048](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38048>)\n * [CVE-2022-38049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38049>) \n * [CVE-2022-41031](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41031>) \n\nMicrosoft has also included 12 vulnerabilities in Google Chromium, the open-source web browser that is the basis for Microsoft\u2019s Edge browser. Google has already disclosed and fixed these issues, so users do not need to take any additional steps to implement patches: \n\n * [CVE-2022-3304](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3304>) \n * [CVE-2022-3307](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3307>) \n * [CVE-2022-3308](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3308>) \n * [CVE-2022-3310](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3310>) \n * [CVE-2022-3311](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3311>) \n * [CVE-2022-3313](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3313>) \n * [CVE-2022-3315](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3315>) \n * [CVE-2022-3316](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3316>) \n * [CVE-2022-3317](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3317>) \n * [CVE-2022-3370](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3370>) \n * [CVE-2022-3373](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3373>) \n * [CVE-2022-41035](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41035>) \n\nA complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page. \n\nIn response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. \n\nThe rules included in this release that protect against the exploitation of many of these vulnerabilities are 60693 - 60696, 60698 - 60701, 60706, 60701 - 60705, 60708 and 60709. There are also Snort 3 SIDs 300290 - 300296, 300297 and 300298.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-10-11T18:11:00", "type": "talosblog", "title": "Microsoft Patch Tuesday for October 2022 \u2014 Snort rules and prominent vulnerabilities", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-3304", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3313", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-33634", "CVE-2022-3370", "CVE-2022-3373", "CVE-2022-37968", "CVE-2022-37976", "CVE-2022-37979", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-38048", "CVE-2022-38049", "CVE-2022-41031", "CVE-2022-41035", "CVE-2022-41038", "CVE-2022-41081"], "modified": "2022-10-11T20:02:01", "id": "TALOSBLOG:FC6B0635136460B7A28F081107A8712E", "href": "http://blog.talosintelligence.com/2022/10/microsoft-patch-tuesday-for-october.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-13T19:17:55", "description": "[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLGV0qm1JxU91RjdxVIuHS5qpDp6eR5oqC3GXE4GKh74vcE6eErdX-odGGmldK4seEV08PmWVUMwC9eHiY-MNvEWPJqq7kEe3k9gjAfn0ai-JRQnZ3GdRiAki_wed_Ctz2-MbeTD591fAVRErXhYumK3_GFcUGqEBUmnA_aeVfgK2rZKQ7AW0eYUiY/s16000/threat-source-newsletter.jpg)](<https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLGV0qm1JxU91RjdxVIuHS5qpDp6eR5oqC3GXE4GKh74vcE6eErdX-odGGmldK4seEV08PmWVUMwC9eHiY-MNvEWPJqq7kEe3k9gjAfn0ai-JRQnZ3GdRiAki_wed_Ctz2-MbeTD591fAVRErXhYumK3_GFcUGqEBUmnA_aeVfgK2rZKQ7AW0eYUiY/s2000/threat-source-newsletter.jpg>)\n\n \n\n\n_By Jon Munshaw. _\n\n[![](https://blogger.googleusercontent.com/img/a/AVvXsEj-mJ-nkfcUqAs6gZvX8xS2acg2Gomq1k9sbhaev8z9XCZnVEc3hnBv_CAEBr5YFPKbzeHm615Hm1J6VmtXbPW-VDGf1Y6GkVCjPTnH973CDJSSnSoxB93Nru0Ohx-w8atdDxbRuYdx1wk5h-eUvHihWfJ9aTwOLINT1HzhDqTPflICljFmGplz6bX9=w114-h42)](<https://engage2demand.cisco.com/SubscribeTalosThreatSource>)\n\nWelcome to this week\u2019s edition of the Threat Source newsletter. \n\n \n\n\nOctober is National Cybersecurity Awareness Month. Which, if you\u2019ve been on social media at all the past 13 days or read any cybersecurity news website, you surely know already. \n\n \n\n\nAs it does every year, I saw Cybersecurity Awareness Month kick off with a [lot of snark](<https://www.washingtonpost.com/politics/2022/10/04/dread-sincerity-comedy-cybersecurity-awareness-month/>) and [memes](<https://twitter.com/NSA_CSDirector/status/1576879730006974464>) of people joking about what it even means to be \u201caware\u201d of cybersecurity and why we even have this month at all. And I get why it\u2019s easy to poke fun at, it is at its core a marketing-driven campaign, and hardcore security experts and researchers have notoriously pushed back against this being a marketing-driven field. \n\n \n\n\nI\u2019m not saying there should be Cybersecurity Awareness Month mascots brought to life on the floor of Black Hat, but it is probably time to pump the brakes on the skepticism and snark. After all, this week should be about broadening the security community, not trying to exclude others from it. I came to Talos almost five years ago at this point knowing little to nothing about security. I had written about everything from ballet dancing to local government ordinances and zoning laws in my previous field, but the second someone mentioned a \u201ccontainer\u201d in relation to computers I could only picture the big metal ones on the decks of freighter boats. The only reason I\u2019ve made it to this point in my career is the support of my employer and co-workers, and their openness to these kinds of conversations. \n\n \n\n\nAnd even five years into the field, I still have so much more to learn. But an easy way for me to digest security is through these high-level conversations, memes, \u201cawareness\u201d stories and \u201cexplain like I\u2019m five\u201d questions. \n\n \n\n\nMy sister-in-law recently had her Instagram account hacked by some bitcoin-mining operation to the point she just had to cut her losses and create a new account. Before that, she didn\u2019t know that enabling multi-factor authentication in Instagram was even an option. Or that because her one password had been compromised on one site meant an attacker might try that same password on another site with an easy-to-guess email address. \n\n \n\n\nMy wife never thought to check the \u201cTo\u201d field of her emails if she thinks the Post Office is actually holding a package from her before realizing the link is from \u201cussps.zone\u201d or something. In those cases, they quite literally are not aware of the security risks in these cases, it\u2019s not that they were willingly ignoring it. \n\n \n\n\nThat\u2019s why I think National Cybersecurity Awareness Month is still important. It\u2019s not for the security practitioners who have been following the same group of 100 people for the past 10 years, it\u2019s for the public who does need to become more aware of the current cybersecurity risks that are out there. It's probably worth putting the jokes aside for a week or two just to take the time to tell someone about why they shouldn\u2019t just click on any link that\u2019s texted to them from a number with the same area code as them. \n\n \n\n\nThat\u2019s how I learned, and that\u2019s how a lot of my colleagues have learned \u2014 just asking questions (some of them that may seem dumb at first). If you want to make it easier to start a conversation with any of your friends and family this October about security, any of the resources on [Cisco\u2019s NCSAM page](<https://www.cisco.com/c/en/us/products/security/national-cybersecurity-awareness-month.html>) are a great place to start. \n\n \n\n\n \n\n\n## The one big thing \n\nMicrosoft [released its monthly security update Tuesday](<https://blog.talosintelligence.com/2022/10/microsoft-patch-tuesday-for-october.html>), disclosing 83 vulnerabilities across the company\u2019s hardware and software line, including seven critical issues in Windows\u2019 point-to-point tunneling protocol. October's security update features 11 critical vulnerabilities, with the remainder being \u201cimportant.\u201d \n\n> ### Why do I care? \n> \n> Many of the critical vulnerabilities included in this month\u2019s security release could lead to remote code execution, which is usually the worst of the worst when it comes to vulnerabilities. One of the most notable vulnerabilities Microsoft fixed this month is [CVE-2022-41038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41038>), a remote code execution issue in Microsoft SharePoint. There are several other SharePoint vulnerabilities included in this month\u2019s Patch Tuesday, though this seems the most severe, as Microsoft continues it to be \u201cmore likely\u201d to be exploited. \n> \n> ### So now what?\n\n> Patch all your Microsoft hardware and software as soon as possible in accordance with the guidance the company provides on its [update page](<https://msrc.microsoft.com/update-guide/>). Talos has also released several Snort rules to protect against the exploitation of many of these vulnerabilities. \n\n> \n\n## Top security headlines from the week\n\n \n\n\nThe Killnet Russian state-sponsored threat actor took credit for several high-profile cyber attacks this week, including the disruption of websites belonging to major American airports and state governments. The group posted on Telegram that it was behind a distributed denial-of-service attack on several airports\u2019 sites, including Los Angeles International, Chicago O'Hare and Hartsfield-Jackson International in Atlanta, some of the largest in the U.S. However, no flight operations were disrupted. Prior to that, they also carried out DDoS attacks against state government-run websites in Colorado, Connecticut, Kentucky and Mississippi, including local election committees. Killnet also took responsibility for disrupting bank JP Morgan\u2019s infrastructure, though the bank denied it experienced any negative effects from the attack. ([NPR](<https://www.npr.org/2022/10/10/1127902795/airport-killnet-cyberattack-hacker-russia>), [SC Magazine](<https://www.scmagazine.com/analysis/cybercrime/amid-reports-of-jp-morgan-cyberattack-experts-call-killnet-unsophisticated-media-hungry>), [StateScoop](<https://statescoop.com/russia-ukraine-killnet-ddos-state-governments/>)) \n\nMicrosoft updated its mitigations for the so-called \u201cProxyNotShell\u201d zero-day vulnerabilities in Exchange Server after security researchers found the initial recommendations could be bypassed. However, there was no formal patch for the issues in this week\u2019s Patch Tuesday as some had expected. An attacker could exploit the flaws to achieve remote code execution on the underlying server. Microsoft also says it's investigating a possibly different vulnerability in Exchange Server that\u2019s being exploited in the wild, though they aren\u2019t ruling out that the new report could be connected to ProxyNotShell. ([The Hacker News](<https://thehackernews.com/2022/10/microsoft-issues-improved-mitigations.html>), [The Register](<https://www.theregister.com/2022/10/11/october_patch_tuesday/>), [The Record](<https://therecord.media/microsoft-investigating-alleged-exchange-zero-day/>)) \n\nFacebook warned more than a million users that their login credentials could have been stolen if they downloaded one of 400 malicious apps on the Google Play and Apple app stores. The malicious apps disguised themselves as mobile games, photo editing or fitness tracking apps, among others, according to Facebook. Users who may have logged into Facebook through the malicious app could have had their information stolen. Facebook has already notified the users affected, warning them to enable two-factor authentication on their accounts and change their passwords. Forty-seven of the apps existed on the Apple store, while the remainder were Android-based. ([CNET](<https://www.cnet.com/tech/services-and-software/facebook-says-these-400-apps-might-have-stolen-user-logins/>), [Engadget](<https://www.engadget.com/meta-warns-malicious-third-party-apps-apple-google-120049486.html>)) \n\n \n\n\n## Can\u2019t get enough Talos? \n\n * _[Talos Takes Ep. #116: The latest on Lockbit 3.0 drama and the rest of the ransomware landscape](<https://www.buzzsprout.com/2018149/episodes/11457844>)_\n * _[Threat Roundup for Sept. 30 to Oct. 7](<https://blog.talosintelligence.com/2022/10/threat-roundup-0930-1007.html>)_\n * _[How ransomware turned into the stuff of nightmares for modern businesses](<https://www.techradar.com/features/how-ransomware-turned-into-the-stuff-of-nightmares-for-modern-businesses>)_\n * _[VMware Patches Code Execution Vulnerability in vCenter Server](<https://www.securityweek.com/vmware-patches-code-execution-vulnerability-vcenter-server>)_\n \n\n\n## Upcoming events where you can find Talos \n\n \n\n\n \n\n\n**_[GovWare 2022](<https://www.govware.sg/govware/2022/event-info>)_ (Oct. 18 - 20)**\n\nSands Expo & Convention Centre, Singapore \n\n \n\n\n**_[Conference On Applied Machine Learning For Information Security](<https://www.camlis.org/>) _**** (Oct. 20 - 21)**\n\nSands Capital Management, Arlington, Virginia \n\n \n\n\n**_[BSides Lisbon](<https://www.bsideslisbon.org/>)_ (Nov. 10 - 11)**\n\nCidade Universit\u00e1ria, Lisboa, Portugal \n\n \n\n\n## Most prevalent malware files from Talos telemetry over the past week \n\n** \n**\n\n**SHA 256: **[125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645](<https://www.virustotal.com/gui/file/125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645/details>)** **\n\n**MD5: **2c8ea737a232fd03ab80db672d50a17a ** **\n\n**Typical Filename: **LwssPlayer.scr ** **\n\n**Claimed Product: **\u68a6\u60f3\u4e4b\u5dc5\u5e7b\u706f\u64ad\u653e\u5668 \n\n**Detection Name: **Auto.125E12.241442.in02 \n\n** \n**\n\n**SHA 256: **[e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934](<https://www.virustotal.com/gui/file/e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934/details>)** \n****MD5: **93fefc3e88ffb78abb36365fa5cf857c ** \n****Typical Filename: **Wextract \n**Claimed Product: **Internet Explorer \n**Detection Name: **PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg \n\n \n\n\n**SHA 256: **[1a234656f81e870cdeb0e648a6b305a41452c405cca21124de26b54f79d55ad0](<https://www.virustotal.com/gui/file/1a234656f81e870cdeb0e648a6b305a41452c405cca21124de26b54f79d55ad0/details>) \n\n**MD5: **10f1561457242973e0fed724eec92f8c \n\n**Typical Filename: **ntuser.vbe \n\n**Claimed Product: **N/A** **\n\n**Detection Name: **Auto.1A234656F8.211848.in07.Talos \n\n** \n**\n\n**SHA 256: **[e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c](<https://www.virustotal.com/gui/file/e12b6641d7e7e4da97a0ff8e1a0d4840c882569d47b8fab8fb187ac2b475636c/details>)** **\n\n**MD5: **a087b2e6ec57b08c0d0750c60f96a74c\n\n**Typical Filename: **AAct.exe** **\n\n**Claimed Product: **N/A \n\n**Detection Name: **PUA.Win.Tool.Kmsauto::1201 \n\n** \n**\n\n**SHA 256: **[63d543945e33b4b6088dc34d0550213dc73ea6acce248d8353c63039e8fa284f](<https://www.virustotal.com/gui/file/63d543945e33b4b6088dc34d0550213dc73ea6acce248d8353c63039e8fa284f/details>) \n\n**MD5: **a779d230c944ef200bce074407d2b8ff \n\n**Typical Filename: **mediaget.exe** **\n\n**Claimed Product: **MediaGet \n\n**Detection Name: **W32.File.MalParent", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-13T18:00:00", "type": "talosblog", "title": "Threat Source newsletter (Oct. 13, 2022) \u2014 Cybersecurity Awareness Month is all fun and memes until someone gets hurt", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-41038"], "modified": "2022-10-13T18:00:00", "id": "TALOSBLOG:E5CB52FAF6F4E4360A360412C9377097", "href": "http://blog.talosintelligence.com/2022/10/threat-source-newsletter-oct-13-2022.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2023-01-10T19:33:37", "description": "The version of Microsoft Edge installed on the remote Windows host is prior to 106.0.1370.34. It is, therefore, affected by multiple vulnerabilities as referenced in the October 3, 2022 advisory.\n\n - Use after free in CSS. (CVE-2022-3304)\n\n - Use after free in Media. (CVE-2022-3307)\n\n - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308)\n\n - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310)\n\n - Use after free in Import. (CVE-2022-3311)\n\n - Incorrect security UI in Full Screen. (CVE-2022-3313)\n\n - Type confusion in Blink. (CVE-2022-3315)\n\n - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-3316)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-3317)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-06T00:00:00", "type": "nessus", "title": "Microsoft Edge (Chromium) < 106.0.1370.34 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3304", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3313", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3370", "CVE-2022-3373", "CVE-2022-41035"], "modified": "2022-11-21T00:00:00", "cpe": ["cpe:/a:microsoft:edge"], "id": "MICROSOFT_EDGE_CHROMIUM_106_0_1370_34.NASL", "href": "https://www.tenable.com/plugins/nessus/165721", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165721);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/21\");\n\n script_cve_id(\"CVE-2022-3370\", \"CVE-2022-3373\");\n script_xref(name:\"IAVA\", value:\"2022-A-0396-S\");\n\n script_name(english:\"Microsoft Edge (Chromium) < 106.0.1370.34 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an web browser installed that is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Edge installed on the remote Windows host is prior to 106.0.1370.34. It is, therefore, affected\nby multiple vulnerabilities as referenced in the October 3, 2022 advisory.\n\n - Use after free in CSS. (CVE-2022-3304)\n\n - Use after free in Media. (CVE-2022-3307)\n\n - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308)\n\n - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310)\n\n - Use after free in Import. (CVE-2022-3311)\n\n - Incorrect security UI in Full Screen. (CVE-2022-3313)\n\n - Type confusion in Blink. (CVE-2022-3315)\n\n - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-3316)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-3317)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#october-3-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2c48e7f3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41035\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Microsoft Edge version 106.0.1370.34 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3311\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3373\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:edge\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_edge_chromium_installed.nbin\");\n script_require_keys(\"installed_sw/Microsoft Edge (Chromium)\", \"SMB/Registry/Enumerated\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar app_info = vcf::get_app_info(app:'Microsoft Edge (Chromium)', win_local:TRUE);\nvar constraints = [\n { 'fixed_version' : '106.0.1370.34' }\n];\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:35:39", "description": "The Microsoft Word Products are missing a security update. It is, therefore, affected by multiple remote code execution vulnerabilities. Unauthenticated attackers can exploit these to execute code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Word Products C2R (October 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-38048", "CVE-2022-38049", "CVE-2022-41031"], "modified": "2022-12-14T00:00:00", "cpe": ["cpe:/a:microsoft:word"], "id": "SMB_NT_MS22_OCT_WORD_C2R.NASL", "href": "https://www.tenable.com/plugins/nessus/166060", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc. \n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166060);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/14\");\n\n script_cve_id(\"CVE-2022-38048\", \"CVE-2022-38049\", \"CVE-2022-41031\");\n script_xref(name:\"IAVA\", value:\"2022-A-0412-S\");\n\n script_name(english:\"Security Updates for Microsoft Word Products C2R (October 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Word Products are missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Word Products are missing a security update. It is, therefore, affected by multiple remote code execution\nvulnerabilities. Unauthenticated attackers can exploit these to execute code on the affected system.\");\n # https://learn.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates#october-11-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1217239b\");\n # https://docs.microsoft.com/en-us/officeupdates/update-history-microsoft365-apps-by-date\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd4508ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"For Office 365, Office 2016 C2R, or Office 2019, ensure automatic\nupdates are enabled or open any office app and manually perform an\nupdate.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-38048\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-41031\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:word\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('vcf_extras_office.inc');\n\nvar bulletin = 'MS22-10';\n\nvar constraints = [\n {'fixed_version':'16.0.15629.20208','channel':'2016 Retail'},\n {'fixed_version':'16.0.15629.20208','channel':'Current'},\n {'fixed_version':'16.0.15601.20230','channel':'Enterprise Deferred','channel_version':'2208'},\n {'fixed_version':'16.0.15427.20308','channel':'Enterprise Deferred'},\n {'fixed_version':'16.0.15601.20230','channel':'First Release for Deferred'},\n {'fixed_version':'16.0.14931.20764','channel':'Deferred','channel_version':'2202'},\n {'fixed_version':'16.0.14326.21186','channel':'Deferred'},\n {'fixed_version':'16.0.12527.22239','channel':'Microsoft 365 Apps on Windows 7'},\n {'fixed_version':'16.0.15629.20208','channel':'2021 Retail'},\n {'fixed_version':'16.0.15629.20208','channel':'2019 Retail'},\n {'fixed_version':'16.0.14332.20400','channel':'LTSC 2021'},\n {'fixed_version':'16.0.10391.20029','channel':'2019 Volume'}\n];\n\nvcf::microsoft::office_product::check_version_and_report(\n constraints:constraints,\n severity:SECURITY_HOLE,\n bulletin:bulletin,\n subproduct:'Word'\n);\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:33:37", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec advisory.\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (CVE-2022-3201)\n\n - Use after free in CSS. (CVE-2022-3304)\n\n - Use after free in Survey. (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in Media. (CVE-2022-3307)\n\n - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308)\n\n - Use after free in Assistant. (CVE-2022-3309)\n\n - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310)\n\n - Use after free in Import. (CVE-2022-3311)\n\n - Insufficient validation of untrusted input in VPN. (CVE-2022-3312)\n\n - Incorrect security UI in Full Screen. (CVE-2022-3313)\n\n - Use after free in Logging. (CVE-2022-3314)\n\n - Type confusion in Blink. (CVE-2022-3315)\n\n - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-3316)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-3317)\n\n - Use after free in ChromeOS Notifications. (CVE-2022-3318)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-27T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318"], "modified": "2022-11-04T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_18529CB03E9C11ED9BC73065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/165507", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165507);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/04\");\n\n script_cve_id(\n \"CVE-2022-3201\",\n \"CVE-2022-3304\",\n \"CVE-2022-3305\",\n \"CVE-2022-3306\",\n \"CVE-2022-3307\",\n \"CVE-2022-3308\",\n \"CVE-2022-3309\",\n \"CVE-2022-3310\",\n \"CVE-2022-3311\",\n \"CVE-2022-3312\",\n \"CVE-2022-3313\",\n \"CVE-2022-3314\",\n \"CVE-2022-3315\",\n \"CVE-2022-3316\",\n \"CVE-2022-3317\",\n \"CVE-2022-3318\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0388-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0394-S\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec advisory.\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (CVE-2022-3201)\n\n - Use after free in CSS. (CVE-2022-3304)\n\n - Use after free in Survey. (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in Media. (CVE-2022-3307)\n\n - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308)\n\n - Use after free in Assistant. (CVE-2022-3309)\n\n - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310)\n\n - Use after free in Import. (CVE-2022-3311)\n\n - Insufficient validation of untrusted input in VPN. (CVE-2022-3312)\n\n - Incorrect security UI in Full Screen. (CVE-2022-3313)\n\n - Use after free in Logging. (CVE-2022-3314)\n\n - Type confusion in Blink. (CVE-2022-3315)\n\n - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-3316)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-3317)\n\n - Use after free in ChromeOS Notifications. (CVE-2022-3318)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97263b93\");\n # https://vuxml.freebsd.org/freebsd/18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1468f7a6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3318\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3315\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<106.0.5249.61'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:32:54", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5244 advisory.\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (CVE-2022-3201)\n\n - Use after free in CSS. (CVE-2022-3304)\n\n - Use after free in Survey. (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in Media. (CVE-2022-3307)\n\n - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308)\n\n - Use after free in Assistant. (CVE-2022-3309)\n\n - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310)\n\n - Use after free in Import. (CVE-2022-3311)\n\n - Insufficient validation of untrusted input in VPN. (CVE-2022-3312)\n\n - Incorrect security UI in Full Screen. (CVE-2022-3313)\n\n - Use after free in Logging. (CVE-2022-3314)\n\n - Type confusion in Blink. (CVE-2022-3315)\n\n - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-3316)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-3317)\n\n - Use after free in ChromeOS Notifications. (CVE-2022-3318)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-30T00:00:00", "type": "nessus", "title": "Debian DSA-5244-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318"], "modified": "2022-11-03T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5244.NASL", "href": "https://www.tenable.com/plugins/nessus/165594", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5244. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165594);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/03\");\n\n script_cve_id(\n \"CVE-2022-3201\",\n \"CVE-2022-3304\",\n \"CVE-2022-3305\",\n \"CVE-2022-3306\",\n \"CVE-2022-3307\",\n \"CVE-2022-3308\",\n \"CVE-2022-3309\",\n \"CVE-2022-3310\",\n \"CVE-2022-3311\",\n \"CVE-2022-3312\",\n \"CVE-2022-3313\",\n \"CVE-2022-3314\",\n \"CVE-2022-3315\",\n \"CVE-2022-3316\",\n \"CVE-2022-3317\",\n \"CVE-2022-3318\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0394-S\");\n\n script_name(english:\"Debian DSA-5244-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5244 advisory.\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (CVE-2022-3201)\n\n - Use after free in CSS. (CVE-2022-3304)\n\n - Use after free in Survey. (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in Media. (CVE-2022-3307)\n\n - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308)\n\n - Use after free in Assistant. (CVE-2022-3309)\n\n - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310)\n\n - Use after free in Import. (CVE-2022-3311)\n\n - Insufficient validation of untrusted input in VPN. (CVE-2022-3312)\n\n - Incorrect security UI in Full Screen. (CVE-2022-3313)\n\n - Use after free in Logging. (CVE-2022-3314)\n\n - Type confusion in Blink. (CVE-2022-3315)\n\n - Insufficient validation of untrusted input in Safe Browsing. (CVE-2022-3316)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-3317)\n\n - Use after free in ChromeOS Notifications. (CVE-2022-3318)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 106.0.5249.61-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3318\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3315\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '106.0.5249.61-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '106.0.5249.61-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '106.0.5249.61-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '106.0.5249.61-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '106.0.5249.61-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '106.0.5249.61-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-21T22:35:12", "description": "The version of Google Chrome installed on the remote Windows host is prior to 106.0.5249.61. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_09_stable-channel-update-for-desktop_27 advisory.\n\n - Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI interaction. (Chromium security severity: Low) (CVE-2022-3318)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\n - Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3304)\n\n - Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3307)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-27T00:00:00", "type": "nessus", "title": "Google Chrome < 106.0.5249.61 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318", "CVE-2022-3444"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_106_0_5249_61.NASL", "href": "https://www.tenable.com/plugins/nessus/165502", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165502);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-3201\",\n \"CVE-2022-3304\",\n \"CVE-2022-3305\",\n \"CVE-2022-3306\",\n \"CVE-2022-3307\",\n \"CVE-2022-3308\",\n \"CVE-2022-3309\",\n \"CVE-2022-3310\",\n \"CVE-2022-3311\",\n \"CVE-2022-3312\",\n \"CVE-2022-3313\",\n \"CVE-2022-3314\",\n \"CVE-2022-3315\",\n \"CVE-2022-3316\",\n \"CVE-2022-3317\",\n \"CVE-2022-3318\",\n \"CVE-2022-3444\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0379-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0388-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0394-S\");\n\n script_name(english:\"Google Chrome < 106.0.5249.61 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 106.0.5249.61. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_09_stable-channel-update-for-desktop_27 advisory.\n\n - Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a\n remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI\n interaction. (Chromium security severity: Low) (CVE-2022-3318)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\n - Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3304)\n\n - Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3307)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97263b93\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1358907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1343104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1319229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1320139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1323488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1342722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1348415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1240065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1302813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1303306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1317904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1328708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1322812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1333623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1300539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1318791\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 106.0.5249.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3318\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3315\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'106.0.5249.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-21T22:34:40", "description": "The version of Google Chrome installed on the remote macOS host is prior to 106.0.5249.61. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_09_stable-channel-update-for-desktop_27 advisory.\n\n - Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI interaction. (Chromium security severity: Low) (CVE-2022-3318)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\n - Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3304)\n\n - Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3307)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-27T00:00:00", "type": "nessus", "title": "Google Chrome < 106.0.5249.61 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318", "CVE-2022-3444"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_106_0_5249_61.NASL", "href": "https://www.tenable.com/plugins/nessus/165503", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165503);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-3201\",\n \"CVE-2022-3304\",\n \"CVE-2022-3305\",\n \"CVE-2022-3306\",\n \"CVE-2022-3307\",\n \"CVE-2022-3308\",\n \"CVE-2022-3309\",\n \"CVE-2022-3310\",\n \"CVE-2022-3311\",\n \"CVE-2022-3312\",\n \"CVE-2022-3313\",\n \"CVE-2022-3314\",\n \"CVE-2022-3315\",\n \"CVE-2022-3316\",\n \"CVE-2022-3317\",\n \"CVE-2022-3318\",\n \"CVE-2022-3444\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0379-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0388-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0394-S\");\n\n script_name(english:\"Google Chrome < 106.0.5249.61 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 106.0.5249.61. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2022_09_stable-channel-update-for-desktop_27 advisory.\n\n - Use after free in ChromeOS Notifications in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a\n remote attacker who convinced a user to reboot Chrome OS to potentially exploit heap corruption via UI\n interaction. (Chromium security severity: Low) (CVE-2022-3318)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3201)\n\n - Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3304)\n\n - Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially\n exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3307)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97263b93\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1358907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1343104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1319229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1320139\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1323488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1342722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1348415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1240065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1302813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1303306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1317904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1328708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1322812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1333623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1300539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1318791\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 106.0.5249.61 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3318\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3315\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'106.0.5249.61', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:36:25", "description": "The remote host is affected by the vulnerability described in GLSA-202210-16 (Chromium, Google Chrome, Microsoft Edge:\nMultiple Vulnerabilities)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (CVE-2022-3201)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-41035)\n\n - Use after free in CSS. (CVE-2022-3304)\n\n - Use after free in Survey. (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in Media. (CVE-2022-3307)\n\n - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308)\n\n - Use after free in Assistant. (CVE-2022-3309)\n\n - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310)\n\n - Use after free in Import. (CVE-2022-3311)\n\n - Insufficient validation of untrusted input in VPN. (CVE-2022-3312)\n\n - Incorrect security UI in Full Screen. (CVE-2022-3313)\n\n - Use after free in Logging. (CVE-2022-3314)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-3315, CVE-2022-3316, CVE-2022-3370, CVE-2022-3373)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-3317)\n\n - Use after free in ChromeOS Notifications. (CVE-2022-3318)\n\n - Use after free in Skia. (CVE-2022-3445)\n\n - Heap buffer overflow in WebSQL. (CVE-2022-3446)\n\n - Inappropriate implementation in Custom Tabs. (CVE-2022-3447)\n\n - Use after free in Permissions API. (CVE-2022-3448)\n\n - Use after free in Safe Browsing. (CVE-2022-3449)\n\n - Use after free in Peer Connection. (CVE-2022-3450)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-31T00:00:00", "type": "nessus", "title": "GLSA-202210-16 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318", "CVE-2022-3370", "CVE-2022-3373", "CVE-2022-3445", "CVE-2022-3446", "CVE-2022-3447", "CVE-2022-3448", "CVE-2022-3449", "CVE-2022-3450", "CVE-2022-41035"], "modified": "2022-10-31T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:chromium", "p-cpe:/a:gentoo:linux:chromium-bin", "p-cpe:/a:gentoo:linux:google-chrome", "p-cpe:/a:gentoo:linux:microsoft-edge", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202210-16.NASL", "href": "https://www.tenable.com/plugins/nessus/166728", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202210-16.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166728);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/31\");\n\n script_cve_id(\n \"CVE-2022-3201\",\n \"CVE-2022-3304\",\n \"CVE-2022-3305\",\n \"CVE-2022-3306\",\n \"CVE-2022-3307\",\n \"CVE-2022-3308\",\n \"CVE-2022-3309\",\n \"CVE-2022-3310\",\n \"CVE-2022-3311\",\n \"CVE-2022-3312\",\n \"CVE-2022-3313\",\n \"CVE-2022-3314\",\n \"CVE-2022-3315\",\n \"CVE-2022-3316\",\n \"CVE-2022-3317\",\n \"CVE-2022-3318\",\n \"CVE-2022-3370\",\n \"CVE-2022-3373\",\n \"CVE-2022-3445\",\n \"CVE-2022-3446\",\n \"CVE-2022-3447\",\n \"CVE-2022-3448\",\n \"CVE-2022-3449\",\n \"CVE-2022-3450\",\n \"CVE-2022-41035\"\n );\n\n script_name(english:\"GLSA-202210-16 : Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202210-16 (Chromium, Google Chrome, Microsoft Edge:\nMultiple Vulnerabilities)\n\n - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to\n 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass\n navigation restrictions via a crafted HTML page. (CVE-2022-3201)\n\n - Microsoft Edge (Chromium-based) Spoofing Vulnerability. (CVE-2022-41035)\n\n - Use after free in CSS. (CVE-2022-3304)\n\n - Use after free in Survey. (CVE-2022-3305, CVE-2022-3306)\n\n - Use after free in Media. (CVE-2022-3307)\n\n - Insufficient policy enforcement in Developer Tools. (CVE-2022-3308)\n\n - Use after free in Assistant. (CVE-2022-3309)\n\n - Insufficient policy enforcement in Custom Tabs. (CVE-2022-3310)\n\n - Use after free in Import. (CVE-2022-3311)\n\n - Insufficient validation of untrusted input in VPN. (CVE-2022-3312)\n\n - Incorrect security UI in Full Screen. (CVE-2022-3313)\n\n - Use after free in Logging. (CVE-2022-3314)\n\n - This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this\n vulnerability. Please see Google Chrome Releases for more information. (CVE-2022-3315, CVE-2022-3316,\n CVE-2022-3370, CVE-2022-3373)\n\n - Insufficient validation of untrusted input in Intents. (CVE-2022-3317)\n\n - Use after free in ChromeOS Notifications. (CVE-2022-3318)\n\n - Use after free in Skia. (CVE-2022-3445)\n\n - Heap buffer overflow in WebSQL. (CVE-2022-3446)\n\n - Inappropriate implementation in Custom Tabs. (CVE-2022-3447)\n\n - Use after free in Permissions API. (CVE-2022-3448)\n\n - Use after free in Safe Browsing. (CVE-2022-3449)\n\n - Use after free in Peer Connection. (CVE-2022-3450)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202210-16\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=873217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=873817\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=874855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=876855\");\n script_set_attribute(attribute:\"solution\", value:\n\"All Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-106.0.5249.119\n \nAll Chromium binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/chromium-bin-106.0.5249.119\n \nAll Google Chrome users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/google-chrome-106.0.5249.119\n \nAll Microsoft Edge users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=www-client/microsoft-edge-106.0.1370.37\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3450\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-41035\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:chromium-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:google-chrome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:microsoft-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude('qpkg.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');\nif (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : 'www-client/chromium',\n 'unaffected' : make_list(\"ge 106.0.5249.119\", \"lt 106.0.0\"),\n 'vulnerable' : make_list(\"lt 106.0.5249.119\")\n },\n {\n 'name' : 'www-client/chromium-bin',\n 'unaffected' : make_list(\"ge 106.0.5249.119\", \"lt 106.0.0\"),\n 'vulnerable' : make_list(\"lt 106.0.5249.119\")\n },\n {\n 'name' : 'www-client/google-chrome',\n 'unaffected' : make_list(\"ge 106.0.5249.119\", \"lt 106.0.0\"),\n 'vulnerable' : make_list(\"lt 106.0.5249.119\")\n },\n {\n 'name' : 'www-client/microsoft-edge',\n 'unaffected' : make_list(\"ge 106.0.1370.37\", \"lt 106.0.0\"),\n 'vulnerable' : make_list(\"lt 106.0.1370.37\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n# This plugin has a different number of unaffected and vulnerable versions for\n# one or more packages. To ensure proper detection, a separate line should be \n# used for each fixed/vulnerable version pair.\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Chromium / Google Chrome / Microsoft Edge');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:35:03", "description": "The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and execute unauthorized arbitrary commands. (CVE-2022-38048, CVE-2022-41031)\n\n - A information disclosure vulnerability in Excel. An attacker who exploited the vulnerability could use the information together with other vulnerabilities in order to compromise the user\u2019s computer or data. (CVE-2022-41043)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-13T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Products (Oct 2022) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-38048", "CVE-2022-41031", "CVE-2022-41043"], "modified": "2022-11-29T00:00:00", "cpe": ["cpe:/a:microsoft:office"], "id": "MACOS_MS22_OCT_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/166102", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc. \n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166102);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/29\");\n\n script_cve_id(\"CVE-2022-38048\", \"CVE-2022-41031\", \"CVE-2022-41043\");\n script_xref(name:\"IAVA\", value:\"2022-A-0412-S\");\n\n script_name(english:\"Security Updates for Microsoft Office Products (Oct 2022) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates. It is, therefore, affected by multiple \nvulnerabilities:\n\n - A remote code execution vulnerabilities. An attacker can exploit these to bypass authentication and \n execute unauthorized arbitrary commands. (CVE-2022-38048, CVE-2022-41031)\n\n - A information disclosure vulnerability in Excel. An attacker who exploited the vulnerability could use \n the information together with other vulnerabilities in order to compromise the user\u00e2\u0080\u0099s computer or data. \n (CVE-2022-41043)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n # https://docs.microsoft.com/en-us/officeupdates/update-history-office-for-mac\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?43ed1b90\");\n # https://learn.microsoft.com/en-us/officeupdates/release-notes-office-for-mac#october-11-2022\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2b57ae29\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Microsoft Office for Mac.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41031\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_office_installed.nbin\");\n script_require_keys(\"Host/MacOSX/Version\");\n script_require_ports(\"installed_sw/Microsoft Outlook\", \"installed_sw/Microsoft Excel\", \"installed_sw/Microsoft Word\", \"installed_sw/Microsoft PowerPoint\", \"installed_sw/Microsoft OneNote\");\n\n exit(0);\n}\n\ninclude('vcf_extras_office.inc');\n\nvar apps = make_list('Microsoft Outlook', 'Microsoft Excel', 'Microsoft Word',\n 'Microsoft PowerPoint','Microsoft OneNote');\n\nvar app_info = vcf::microsoft::office_for_mac::get_app_info(apps:apps);\n\nvar constraints = [\n {'min_version':'16.17.0', 'fixed_version':'16.66', 'fixed_display':'16.66 (22100900)'}\n];\n\nvcf::microsoft::office_for_mac::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n os_min_lvl:'10.15.0'\n);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:30:42", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5245 advisory.\n\n - Use after free in Custom Elements. (CVE-2022-3370)\n\n - Out of bounds write in V8. (CVE-2022-3373)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-03T00:00:00", "type": "nessus", "title": "Debian DSA-5245-1 : chromium - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3370", "CVE-2022-3373"], "modified": "2022-11-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:chromium", "p-cpe:/a:debian:debian_linux:chromium-common", "p-cpe:/a:debian:debian_linux:chromium-driver", "p-cpe:/a:debian:debian_linux:chromium-l10n", "p-cpe:/a:debian:debian_linux:chromium-sandbox", "p-cpe:/a:debian:debian_linux:chromium-shell", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5245.NASL", "href": "https://www.tenable.com/plugins/nessus/165625", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5245. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165625);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/02\");\n\n script_cve_id(\"CVE-2022-3370\", \"CVE-2022-3373\");\n script_xref(name:\"IAVA\", value:\"2022-A-0394-S\");\n\n script_name(english:\"Debian DSA-5245-1 : chromium - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5245 advisory.\n\n - Use after free in Custom Elements. (CVE-2022-3370)\n\n - Out of bounds write in V8. (CVE-2022-3373)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/chromium\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3370\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-3373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/chromium\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the chromium packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 106.0.5249.91-1~deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3370\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3373\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-driver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-l10n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-sandbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:chromium-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'chromium', 'reference': '106.0.5249.91-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-common', 'reference': '106.0.5249.91-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-driver', 'reference': '106.0.5249.91-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-l10n', 'reference': '106.0.5249.91-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-sandbox', 'reference': '106.0.5249.91-1~deb11u1'},\n {'release': '11.0', 'prefix': 'chromium-shell', 'reference': '106.0.5249.91-1~deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium / chromium-common / chromium-driver / chromium-l10n / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-21T22:35:38", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d459c914-4100-11ed-9bc7-3065ec8fd3ec advisory.\n\n - Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3373)\n\n - Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3370)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-30T00:00:00", "type": "nessus", "title": "FreeBSD : chromium -- multiple vulnerabilities (d459c914-4100-11ed-9bc7-3065ec8fd3ec)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3370", "CVE-2022-3373"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:chromium", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_D459C914410011ED9BC73065EC8FD3EC.NASL", "href": "https://www.tenable.com/plugins/nessus/165603", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165603);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-3370\", \"CVE-2022-3373\");\n script_xref(name:\"IAVA\", value:\"2022-A-0394-S\");\n\n script_name(english:\"FreeBSD : chromium -- multiple vulnerabilities (d459c914-4100-11ed-9bc7-3065ec8fd3ec)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the d459c914-4100-11ed-9bc7-3065ec8fd3ec advisory.\n\n - Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an\n out of bounds memory write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3373)\n\n - Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3370)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6ee6bb19\");\n # https://vuxml.freebsd.org/freebsd/d459c914-4100-11ed-9bc7-3065ec8fd3ec.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?abddf888\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3373\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:chromium\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'chromium<106.0.5249.91'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-21T22:34:40", "description": "The version of Google Chrome installed on the remote Windows host is prior to 106.0.5249.91. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_09_stable-channel-update-for-desktop_30 advisory.\n\n - Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3370)\n\n - Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3373)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-30T00:00:00", "type": "nessus", "title": "Google Chrome < 106.0.5249.91 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3370", "CVE-2022-3373"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "GOOGLE_CHROME_106_0_5249_91.NASL", "href": "https://www.tenable.com/plugins/nessus/165590", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165590);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-3370\", \"CVE-2022-3373\");\n script_xref(name:\"IAVA\", value:\"2022-A-0394-S\");\n\n script_name(english:\"Google Chrome < 106.0.5249.91 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Windows host is prior to 106.0.5249.91. It is, therefore, affected\nby multiple vulnerabilities as referenced in the 2022_09_stable-channel-update-for-desktop_30 advisory.\n\n - Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3370)\n\n - Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an\n out of bounds memory write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3373)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6ee6bb19\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1366813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1366399\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 106.0.5249.91 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3370\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3373\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"google_chrome_installed.nasl\");\n script_require_keys(\"SMB/Google_Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('SMB/Google_Chrome/Installed');\nvar installs = get_kb_list('SMB/Google_Chrome/*');\n\ngoogle_chrome_check_version(installs:installs, fix:'106.0.5249.91', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-21T22:34:40", "description": "The version of Google Chrome installed on the remote macOS host is prior to 106.0.5249.91. It is, therefore, affected by multiple vulnerabilities as referenced in the 2022_09_stable-channel-update-for-desktop_30 advisory.\n\n - Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3370)\n\n - Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3373)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-30T00:00:00", "type": "nessus", "title": "Google Chrome < 106.0.5249.91 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-3370", "CVE-2022-3373"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/a:google:chrome"], "id": "MACOSX_GOOGLE_CHROME_106_0_5249_91.NASL", "href": "https://www.tenable.com/plugins/nessus/165589", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165589);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-3370\", \"CVE-2022-3373\");\n script_xref(name:\"IAVA\", value:\"2022-A-0394-S\");\n\n script_name(english:\"Google Chrome < 106.0.5249.91 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote macOS host is prior to 106.0.5249.91. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the 2022_09_stable-channel-update-for-desktop_30 advisory.\n\n - Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to\n potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n (CVE-2022-3370)\n\n - Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an\n out of bounds memory write via a crafted HTML page. (Chromium security severity: High) (CVE-2022-3373)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6ee6bb19\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1366813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://crbug.com/1366399\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome version 106.0.5249.91 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-3370\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-3373\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\ninclude('google_chrome_version.inc');\n\nget_kb_item_or_exit('MacOSX/Google Chrome/Installed');\n\ngoogle_chrome_check_version(fix:'106.0.5249.91', severity:SECURITY_HOLE, xss:FALSE, xsrf:FALSE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:34:06", "description": "The Microsoft Office Products are missing security updates. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-11T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Office Products (October 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-38048"], "modified": "2022-11-29T00:00:00", "cpe": ["cpe:/a:microsoft:office"], "id": "SMB_NT_MS22_OCT_OFFICE.NASL", "href": "https://www.tenable.com/plugins/nessus/166037", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166037);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/29\");\n\n script_cve_id(\"CVE-2022-38048\");\n script_xref(name:\"MSKB\", value:\"5002026\");\n script_xref(name:\"MSKB\", value:\"5002279\");\n script_xref(name:\"MSKB\", value:\"5002288\");\n script_xref(name:\"MSFT\", value:\"MS22-5002026\");\n script_xref(name:\"MSFT\", value:\"MS22-5002279\");\n script_xref(name:\"MSFT\", value:\"MS22-5002288\");\n script_xref(name:\"IAVA\", value:\"2022-A-0412-S\");\n\n script_name(english:\"Security Updates for Microsoft Office Products (October 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Office Products are affected by a remote code execution vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Office Products are missing security updates. It is, therefore, affected by a remote code execution\nvulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5002026\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5002279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5002288\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5002026\n -KB5002279\n -KB5002288\n\nFor Office 365, Office 2016 C2R, or Office 2019, ensure automatic\nupdates are enabled or open any office app and manually perform an\nupdate.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-38048\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:office\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"office_installed.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('vcf_extras_office.inc');\n\nvar bulletin = 'MS22-10';\nvar kbs = make_list(\n '5002026',\n '5002279',\n '5002288'\n);\nvar severity = SECURITY_HOLE;\n\nvar app_info = vcf::microsoft::office::get_app_info(app:'Microsoft Office', kbs:kbs, bulletin:bulletin, severity:severity);\n\nvar constraints = [\n {'product' : 'Microsoft Office 2013 SP1', 'kb':'5002279', 'file':'mso.dll', 'fixed_version': '15.0.5493.1000'},\n {'product' : 'Microsoft Office 2016', 'kb':'5002288', 'file':'mso.dll', 'fixed_version': '16.0.5365.1000'},\n {'product' : 'Microsoft Office 2016', 'kb':'5002026', 'file':'mso40uiwin32client.dll', 'fixed_version': '16.0.5365.1000'}\n];\n\nvcf::microsoft::office::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:severity,\n bulletin:bulletin,\n subproduct:'Office'\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:36:59", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-6911 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-13T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : .NET / 6.0 (ELSA-2022-6911)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2022-12-15T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:aspnetcore-runtime-6.0", "p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-6.0", "p-cpe:/a:oracle:linux:dotnet", "p-cpe:/a:oracle:linux:dotnet-apphost-pack-6.0", "p-cpe:/a:oracle:linux:dotnet-host", "p-cpe:/a:oracle:linux:dotnet-hostfxr-6.0", "p-cpe:/a:oracle:linux:dotnet-runtime-6.0", "p-cpe:/a:oracle:linux:dotnet-sdk-6.0", "p-cpe:/a:oracle:linux:dotnet-sdk-6.0-source-built-artifacts", "p-cpe:/a:oracle:linux:dotnet-targeting-pack-6.0", "p-cpe:/a:oracle:linux:dotnet-templates-6.0", "p-cpe:/a:oracle:linux:netstandard-targeting-pack-2.1"], "id": "ORACLELINUX_ELSA-2022-6911.NASL", "href": "https://www.tenable.com/plugins/nessus/166104", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-6911.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166104);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/15\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"IAVA\", value:\"2022-A-0411-S\");\n\n script_name(english:\"Oracle Linux 8 : .NET / 6.0 (ELSA-2022-6911)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-6911 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-6911.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-apphost-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-hostfxr-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-6.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-templates-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-6.0.110-1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-6.0.110-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-6.0 / aspnetcore-targeting-pack-6.0 / dotnet / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:34:06", "description": "An elevation of privilege vulnerability exists in the Microsoft Visual Studio application installed on the host. A local attacker can gain the privileges of the user running the Microsoft Visual Studio application.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-14T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Visual Studio Products (Oct 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2022-12-01T00:00:00", "cpe": ["cpe:/a:microsoft:visual_studio"], "id": "SMB_NT_MS22_OCT_VISUAL_STUDIO.NASL", "href": "https://www.tenable.com/plugins/nessus/166116", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166116);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/01\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"IAVA\", value:\"2022-A-0413-S\");\n\n script_name(english:\"Security Updates for Microsoft Visual Studio Products (Oct 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Visual Studio Products are affected by an elevation of privilege vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"An elevation of privilege vulnerability exists in the Microsoft Visual Studio application installed on the host. A\nlocal attacker can gain the privileges of the user running the Microsoft Visual Studio application.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n # https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes#1736--visual-studio-2022-version-1736\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6f78495d\");\n # https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.2#1729--visual-studio-2022-version-1729\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b1e58262\");\n # https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0#17015--visual-studio-2022-version-17015\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6a882854\");\n # https://learn.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.9#--visual-studio-2019-version-16926-\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1bbc940f\");\n # https://learn.microsoft.com/en-us/visualstudio/releases/2019/release-notes#release-notes-icon-visual-studio-2019-version-161120\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?71f85dc2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue:\n - Update 16.9.26 for Visual Studio 2019\n - Update 16.11.20 for Visual Studio 2019\n - Update 17.0.15 for Visual Studio 2022\n - Update 17.2.9 for Visual Studio 2022\n - Update 17.3.6 for Visual Studio 2022\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:visual_studio\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ms_bulletin_checks_possible.nasl\", \"microsoft_visual_studio_installed.nbin\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\", \"installed_sw/Microsoft Visual Studio\", \"SMB/Registry/Enumerated\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('vcf_extras_visual_studio.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\n\nvar app_info = vcf::visual_studio::get_app_info();\n\nvar constraints = [\n # https://learn.microsoft.com/en-us/visualstudio/releases/2019/history\n {'product': '2019', 'min_version': '16.0', 'fixed_version': '16.9.32930.78', 'fixed_display': '16.9.32930.78 (16.9.26)'},\n {'product': '2019', 'min_version': '16.10', 'fixed_version': '16.11.32929.386', 'fixed_display': '16.11.32929.386 (16.11.20)'},\n # https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-history\n {'product': '2022', 'min_version': '17.0', 'fixed_version': '17.0.32929.387', 'fixed_display': '17.0.32929.387 (17.0.15)'},\n {'product': '2022', 'min_version': '17.2', 'fixed_version': '17.2.32929.388', 'fixed_display': '17.2.32929.388 (17.2.9)'},\n {'product': '2022', 'min_version': '17.3', 'fixed_version': '17.3.32929.385', 'fixed_display': '17.3.32929.385 (17.3.6)'}\n];\n\nvcf::visual_studio::check_version_and_report(\n app_info: app_info,\n constraints: constraints,\n severity: SECURITY_WARNING\n);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:36:44", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-6912 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : .NET / Core / 3.1 (ELSA-2022-6912)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2022-12-15T00:00:00", "cpe": ["cpe:2.3:o:oracle:linux:8:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:aspnetcore-runtime-3.1:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:aspnetcore-targeting-pack-3.1:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-apphost-pack-3.1:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-hostfxr-3.1:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-runtime-3.1:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-sdk-3.1:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-targeting-pack-3.1:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-templates-3.1:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-sdk-3.1-source-built-artifacts:*:*:*:*:*:*:*"], "id": "ORACLELINUX_ELSA-2022-6912.NASL", "href": "https://www.tenable.com/plugins/nessus/166067", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-6912.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166067);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/15\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"IAVA\", value:\"2022-A-0411-S\");\n\n script_name(english:\"Oracle Linux 8 : .NET / Core / 3.1 (ELSA-2022-6912)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-6912 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-6912.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-apphost-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-hostfxr-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-3.1-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-templates-3.1\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-3.1-3.1.30-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-3.1-3.1.30-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-3.1.30-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-3.1.30-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-3.1.30-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-3.1.424-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-3.1-3.1.30-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-3.1-3.1.424-1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-3.1 / aspnetcore-targeting-pack-3.1 / dotnet-apphost-pack-3.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-19T14:46:47", "description": "The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5670-1 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T00:00:00", "type": "nessus", "title": "Ubuntu 22.04 LTS : .NET 6 vulnerability (USN-5670-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:aspnetcore-runtime-6.0", "p-cpe:/a:canonical:ubuntu_linux:aspnetcore-targeting-pack-6.0", "p-cpe:/a:canonical:ubuntu_linux:dotnet-apphost-pack-6.0", "p-cpe:/a:canonical:ubuntu_linux:dotnet-host", "p-cpe:/a:canonical:ubuntu_linux:dotnet-hostfxr-6.0", "p-cpe:/a:canonical:ubuntu_linux:dotnet-runtime-6.0", "p-cpe:/a:canonical:ubuntu_linux:dotnet-sdk-6.0", "p-cpe:/a:canonical:ubuntu_linux:dotnet-sdk-6.0-source-built-artifacts", "p-cpe:/a:canonical:ubuntu_linux:dotnet-targeting-pack-6.0", "p-cpe:/a:canonical:ubuntu_linux:dotnet-templates-6.0", "p-cpe:/a:canonical:ubuntu_linux:dotnet6", "p-cpe:/a:canonical:ubuntu_linux:netstandard-targeting-pack-2.1"], "id": "UBUNTU_USN-5670-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166049", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5670-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166049);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"USN\", value:\"5670-1\");\n script_xref(name:\"IAVA\", value:\"2022-A-0411-S\");\n\n script_name(english:\"Ubuntu 22.04 LTS : .NET 6 vulnerability (USN-5670-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the\nUSN-5670-1 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5670-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:aspnetcore-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:aspnetcore-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dotnet-apphost-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dotnet-hostfxr-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dotnet-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dotnet-sdk-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dotnet-sdk-6.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dotnet-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dotnet-templates-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dotnet6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '22.04', 'pkgname': 'aspnetcore-runtime-6.0', 'pkgver': '6.0.110-0ubuntu1~22.04.1'},\n {'osver': '22.04', 'pkgname': 'aspnetcore-targeting-pack-6.0', 'pkgver': '6.0.110-0ubuntu1~22.04.1'},\n {'osver': '22.04', 'pkgname': 'dotnet-apphost-pack-6.0', 'pkgver': '6.0.110-0ubuntu1~22.04.1'},\n {'osver': '22.04', 'pkgname': 'dotnet-host', 'pkgver': '6.0.110-0ubuntu1~22.04.1'},\n {'osver': '22.04', 'pkgname': 'dotnet-hostfxr-6.0', 'pkgver': '6.0.110-0ubuntu1~22.04.1'},\n {'osver': '22.04', 'pkgname': 'dotnet-runtime-6.0', 'pkgver': '6.0.110-0ubuntu1~22.04.1'},\n {'osver': '22.04', 'pkgname': 'dotnet-sdk-6.0', 'pkgver': '6.0.110-0ubuntu1~22.04.1'},\n {'osver': '22.04', 'pkgname': 'dotnet-sdk-6.0-source-built-artifacts', 'pkgver': '6.0.110-0ubuntu1~22.04.1'},\n {'osver': '22.04', 'pkgname': 'dotnet-targeting-pack-6.0', 'pkgver': '6.0.110-0ubuntu1~22.04.1'},\n {'osver': '22.04', 'pkgname': 'dotnet-templates-6.0', 'pkgver': '6.0.110-0ubuntu1~22.04.1'},\n {'osver': '22.04', 'pkgname': 'dotnet6', 'pkgver': '6.0.110-0ubuntu1~22.04.1'},\n {'osver': '22.04', 'pkgname': 'netstandard-targeting-pack-2.1', 'pkgver': '6.0.110-0ubuntu1~22.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-6.0 / aspnetcore-targeting-pack-6.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:34:57", "description": "The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-6913 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-13T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : .NET / 6.0 (ELSA-2022-6913)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2022-12-15T00:00:00", "cpe": ["p-cpe:2.3:a:oracle:linux:dotnet-host:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:netstandard-targeting-pack-2.1:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:aspnetcore-runtime-6.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:aspnetcore-targeting-pack-6.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-apphost-pack-6.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-hostfxr-6.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-runtime-6.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-sdk-6.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-targeting-pack-6.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-templates-6.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-sdk-6.0-source-built-artifacts:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:9:*:*:*:*:*:*:*"], "id": "ORACLELINUX_ELSA-2022-6913.NASL", "href": "https://www.tenable.com/plugins/nessus/166090", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-6913.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166090);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/15\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"IAVA\", value:\"2022-A-0411-S\");\n\n script_name(english:\"Oracle Linux 9 : .NET / 6.0 (ELSA-2022-6913)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-6913 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-6913.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-apphost-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-hostfxr-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-6.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-templates-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.0.1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.0.1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.0.1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.0.1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.0.1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.0.1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.0.1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.0.1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.0.1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.0.1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.0.1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.0.1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.0.1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.0.1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.0.1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.0.1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.0.1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.0.1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.0.1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.0.1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.0.1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.0.1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-6.0 / aspnetcore-targeting-pack-6.0 / dotnet-apphost-pack-6.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-24T00:39:47", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6915 advisory.\n\n - dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-15T00:00:00", "type": "nessus", "title": "RHEL 7 : .NET 6.0 on RHEL 7 (RHSA-2022:6915)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-aspnetcore-runtime-6.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-aspnetcore-targeting-pack-6.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-apphost-pack-6.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-host", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-hostfxr-6.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-runtime-6.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-sdk-6.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-targeting-pack-6.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-templates-6.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-netstandard-targeting-pack-2.1"], "id": "REDHAT-RHSA-2022-6915.NASL", "href": "https://www.tenable.com/plugins/nessus/166149", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6915. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166149);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"RHSA\", value:\"2022:6915\");\n\n script_name(english:\"RHEL 7 : .NET 6.0 on RHEL 7 (RHSA-2022:6915)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:6915 advisory.\n\n - dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:6915\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2132614\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(524);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-aspnetcore-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-aspnetcore-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-apphost-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-hostfxr-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-sdk-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-dotnet-templates-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet60-netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-dotnet60-aspnetcore-runtime-6.0-6.0.10-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.10-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-dotnet60-dotnet-6.0.110-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-dotnet60-dotnet-apphost-pack-6.0-6.0.10-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-dotnet60-dotnet-host-6.0.10-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-dotnet60-dotnet-hostfxr-6.0-6.0.10-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-dotnet60-dotnet-runtime-6.0-6.0.10-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-dotnet60-dotnet-sdk-6.0-6.0.110-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-dotnet60-dotnet-targeting-pack-6.0-6.0.10-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-dotnet60-dotnet-templates-6.0-6.0.110-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-dotnet60-netstandard-targeting-pack-2.1-6.0.110-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-dotnet60-aspnetcore-runtime-6.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-03T22:26:10", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6912 advisory.\n\n - dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-15T00:00:00", "type": "nessus", "title": "RHEL 8 : .NET Core 3.1 (RHSA-2022:6912)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-3.1", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-3.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-3.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-3.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-3.1-source-built-artifacts", "p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:dotnet-templates-3.1"], "id": "REDHAT-RHSA-2022-6912.NASL", "href": "https://www.tenable.com/plugins/nessus/166148", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6912. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166148);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"RHSA\", value:\"2022:6912\");\n\n script_name(english:\"RHEL 8 : .NET Core 3.1 (RHSA-2022:6912)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:6912 advisory.\n\n - dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:6912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2132614\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(524);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-3.1-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-templates-3.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-3.1-3.1.30-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-3.1-3.1.30-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-3.1.30-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-3.1.30-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-3.1.30-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-3.1.424-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-3.1-3.1.30-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-3.1-3.1.424-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-3.1-3.1.30-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-3.1-3.1.30-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-3.1-3.1.30-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-3.1-3.1.30-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-3.1-3.1.30-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-3.1.424-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-3.1-3.1.30-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-3.1-3.1.424-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-3.1 / aspnetcore-targeting-pack-3.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-03T15:25:53", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6913 advisory.\n\n - dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-15T00:00:00", "type": "nessus", "title": "RHEL 9 : .NET 6.0 (RHSA-2022:6913)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "cpe:/o:redhat:rhel_e4s:9.0", "cpe:/o:redhat:rhel_eus:9.0", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-6.0", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-6.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-6.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-host", "p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-6.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-6.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-6.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-6.0-source-built-artifacts", "p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-6.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-templates-6.0", "p-cpe:/a:redhat:enterprise_linux:netstandard-targeting-pack-2.1"], "id": "REDHAT-RHSA-2022-6913.NASL", "href": "https://www.tenable.com/plugins/nessus/166151", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6913. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166151);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"RHSA\", value:\"2022:6913\");\n\n script_name(english:\"RHEL 9 : .NET 6.0 (RHSA-2022:6913)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:6913 advisory.\n\n - dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:6913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2132614\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(524);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-6.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-templates-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel9/9/aarch64/appstream/debug',\n 'content/dist/rhel9/9/aarch64/appstream/os',\n 'content/dist/rhel9/9/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/baseos/debug',\n 'content/dist/rhel9/9/aarch64/baseos/os',\n 'content/dist/rhel9/9/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/codeready-builder/debug',\n 'content/dist/rhel9/9/aarch64/codeready-builder/os',\n 'content/dist/rhel9/9/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/highavailability/debug',\n 'content/dist/rhel9/9/aarch64/highavailability/os',\n 'content/dist/rhel9/9/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/supplementary/debug',\n 'content/dist/rhel9/9/aarch64/supplementary/os',\n 'content/dist/rhel9/9/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/s390x/appstream/debug',\n 'content/dist/rhel9/9/s390x/appstream/os',\n 'content/dist/rhel9/9/s390x/appstream/source/SRPMS',\n 'content/dist/rhel9/9/s390x/baseos/debug',\n 'content/dist/rhel9/9/s390x/baseos/os',\n 'content/dist/rhel9/9/s390x/baseos/source/SRPMS',\n 'content/dist/rhel9/9/s390x/codeready-builder/debug',\n 'content/dist/rhel9/9/s390x/codeready-builder/os',\n 'content/dist/rhel9/9/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/s390x/highavailability/debug',\n 'content/dist/rhel9/9/s390x/highavailability/os',\n 'content/dist/rhel9/9/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/s390x/resilientstorage/debug',\n 'content/dist/rhel9/9/s390x/resilientstorage/os',\n 'content/dist/rhel9/9/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/s390x/sap/debug',\n 'content/dist/rhel9/9/s390x/sap/os',\n 'content/dist/rhel9/9/s390x/sap/source/SRPMS',\n 'content/dist/rhel9/9/s390x/supplementary/debug',\n 'content/dist/rhel9/9/s390x/supplementary/os',\n 'content/dist/rhel9/9/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/appstream/debug',\n 'content/dist/rhel9/9/x86_64/appstream/os',\n 'content/dist/rhel9/9/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/baseos/debug',\n 'content/dist/rhel9/9/x86_64/baseos/os',\n 'content/dist/rhel9/9/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/codeready-builder/debug',\n 'content/dist/rhel9/9/x86_64/codeready-builder/os',\n 'content/dist/rhel9/9/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/highavailability/debug',\n 'content/dist/rhel9/9/x86_64/highavailability/os',\n 'content/dist/rhel9/9/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/nfv/debug',\n 'content/dist/rhel9/9/x86_64/nfv/os',\n 'content/dist/rhel9/9/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/resilientstorage/debug',\n 'content/dist/rhel9/9/x86_64/resilientstorage/os',\n 'content/dist/rhel9/9/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/rt/debug',\n 'content/dist/rhel9/9/x86_64/rt/os',\n 'content/dist/rhel9/9/x86_64/rt/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap-solutions/debug',\n 'content/dist/rhel9/9/x86_64/sap-solutions/os',\n 'content/dist/rhel9/9/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap/debug',\n 'content/dist/rhel9/9/x86_64/sap/os',\n 'content/dist/rhel9/9/x86_64/sap/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/supplementary/debug',\n 'content/dist/rhel9/9/x86_64/supplementary/os',\n 'content/dist/rhel9/9/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel9/9.0/aarch64/appstream/debug',\n 'content/e4s/rhel9/9.0/aarch64/appstream/os',\n 'content/e4s/rhel9/9.0/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/aarch64/baseos/debug',\n 'content/e4s/rhel9/9.0/aarch64/baseos/os',\n 'content/e4s/rhel9/9.0/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/debug',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/os',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/appstream/debug',\n 'content/e4s/rhel9/9.0/s390x/appstream/os',\n 'content/e4s/rhel9/9.0/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/baseos/debug',\n 'content/e4s/rhel9/9.0/s390x/baseos/os',\n 'content/e4s/rhel9/9.0/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/highavailability/debug',\n 'content/e4s/rhel9/9.0/s390x/highavailability/os',\n 'content/e4s/rhel9/9.0/s390x/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/os',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/sap/debug',\n 'content/e4s/rhel9/9.0/s390x/sap/os',\n 'content/e4s/rhel9/9.0/s390x/sap/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/appstream/debug',\n 'content/e4s/rhel9/9.0/x86_64/appstream/os',\n 'content/e4s/rhel9/9.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/baseos/debug',\n 'content/e4s/rhel9/9.0/x86_64/baseos/os',\n 'content/e4s/rhel9/9.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/debug',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/os',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/nfv/debug',\n 'content/e4s/rhel9/9.0/x86_64/nfv/os',\n 'content/e4s/rhel9/9.0/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/os',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/rt/debug',\n 'content/e4s/rhel9/9.0/x86_64/rt/os',\n 'content/e4s/rhel9/9.0/x86_64/rt/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/sap/debug',\n 'content/e4s/rhel9/9.0/x86_64/sap/os',\n 'content/e4s/rhel9/9.0/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/appstream/debug',\n 'content/eus/rhel9/9.0/aarch64/appstream/os',\n 'content/eus/rhel9/9.0/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/baseos/debug',\n 'content/eus/rhel9/9.0/aarch64/baseos/os',\n 'content/eus/rhel9/9.0/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/debug',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/os',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/highavailability/debug',\n 'content/eus/rhel9/9.0/aarch64/highavailability/os',\n 'content/eus/rhel9/9.0/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/supplementary/debug',\n 'content/eus/rhel9/9.0/aarch64/supplementary/os',\n 'content/eus/rhel9/9.0/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/appstream/debug',\n 'content/eus/rhel9/9.0/s390x/appstream/os',\n 'content/eus/rhel9/9.0/s390x/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/baseos/debug',\n 'content/eus/rhel9/9.0/s390x/baseos/os',\n 'content/eus/rhel9/9.0/s390x/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/debug',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/os',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/highavailability/debug',\n 'content/eus/rhel9/9.0/s390x/highavailability/os',\n 'content/eus/rhel9/9.0/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/debug',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/os',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/sap/debug',\n 'content/eus/rhel9/9.0/s390x/sap/os',\n 'content/eus/rhel9/9.0/s390x/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/supplementary/debug',\n 'content/eus/rhel9/9.0/s390x/supplementary/os',\n 'content/eus/rhel9/9.0/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/appstream/debug',\n 'content/eus/rhel9/9.0/x86_64/appstream/os',\n 'content/eus/rhel9/9.0/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/baseos/debug',\n 'content/eus/rhel9/9.0/x86_64/baseos/os',\n 'content/eus/rhel9/9.0/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/debug',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/os',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/highavailability/debug',\n 'content/eus/rhel9/9.0/x86_64/highavailability/os',\n 'content/eus/rhel9/9.0/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/debug',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/os',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/debug',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/os',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/sap/debug',\n 'content/eus/rhel9/9.0/x86_64/sap/os',\n 'content/eus/rhel9/9.0/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/supplementary/debug',\n 'content/eus/rhel9/9.0/x86_64/supplementary/os',\n 'content/eus/rhel9/9.0/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el9_0', 'sp':'0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el9_0', 'sp':'0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el9_0', 'sp':'0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el9_0', 'sp':'0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el9_0', 'sp':'0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el9_0', 'sp':'0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el9_0', 'sp':'0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el9_0', 'sp':'0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el9_0', 'sp':'0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el9_0', 'sp':'0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el9_0', 'sp':'0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-6.0 / aspnetcore-targeting-pack-6.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-04T03:02:12", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6911 advisory.\n\n - dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-15T00:00:00", "type": "nessus", "title": "RHEL 8 : .NET 6.0 (RHSA-2022:6911)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-6.0", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-6.0", "p-cpe:/a:redhat:enterprise_linux:dotnet", "p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-6.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-host", "p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-6.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-6.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-6.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-6.0-source-built-artifacts", "p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-6.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-templates-6.0", "p-cpe:/a:redhat:enterprise_linux:netstandard-targeting-pack-2.1"], "id": "REDHAT-RHSA-2022-6911.NASL", "href": "https://www.tenable.com/plugins/nessus/166152", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6911. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166152);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"RHSA\", value:\"2022:6911\");\n\n script_name(english:\"RHEL 8 : .NET 6.0 (RHSA-2022:6911)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:6911 advisory.\n\n - dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:6911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2132614\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(524);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-6.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-templates-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-6.0.110-1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-6.0.110-1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-6.0.110-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-6.0.110-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-6.0.110-1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-6.0.110-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-6.0 / aspnetcore-targeting-pack-6.0 / dotnet / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-24T00:41:26", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6914 advisory.\n\n - dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-15T00:00:00", "type": "nessus", "title": "RHEL 7 : .NET Core 3.1 on RHEL 7 (RHSA-2022:6914)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-aspnetcore-runtime-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-aspnetcore-targeting-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-apphost-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-host", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-hostfxr-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-runtime-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-sdk-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-targeting-pack-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-templates-3.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-netstandard-targeting-pack-2.1"], "id": "REDHAT-RHSA-2022-6914.NASL", "href": "https://www.tenable.com/plugins/nessus/166150", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6914. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166150);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"RHSA\", value:\"2022:6914\");\n\n script_name(english:\"RHEL 7 : .NET Core 3.1 on RHEL 7 (RHSA-2022:6914)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:6914 advisory.\n\n - dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:6914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2132614\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(524);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-aspnetcore-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-aspnetcore-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-apphost-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-hostfxr-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-runtime-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-sdk-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-targeting-pack-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-dotnet-templates-3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet31-netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/dotnet/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/dotnet/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/dotnet/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-dotnet31-aspnetcore-runtime-3.1-3.1.30-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.30-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-3.1.424-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-apphost-pack-3.1-3.1.30-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-host-3.1.30-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-hostfxr-3.1-3.1.30-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-runtime-3.1-3.1.30-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-sdk-3.1-3.1.424-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-sdk-3.1-source-built-artifacts-3.1.424-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-targeting-pack-3.1-3.1.30-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-dotnet-templates-3.1-3.1.424-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'},\n {'reference':'rh-dotnet31-netstandard-targeting-pack-2.1-3.1.424-1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rh-dotnet31'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-dotnet31-aspnetcore-runtime-3.1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:35:09", "description": "The Microsoft Visual Studio Products installed on the remote macOS or Mac OS X host is missing a security update.\nIt is, therefore, affected by an escalation of privilege vulnerability. A local attacker can gain the privileges of the user running the Microsoft Visual Studio Application.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-20T00:00:00", "type": "nessus", "title": "Security Update for Visual Studio 2022 (Oct 2022) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2022-12-01T00:00:00", "cpe": ["cpe:/a:microsoft:visual_studio"], "id": "MACOS_MS22_OCT_VISUAL_STUDIO.NASL", "href": "https://www.tenable.com/plugins/nessus/166329", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166329);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/01\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"IAVA\", value:\"2022-A-0413-S\");\n\n script_name(english:\"Security Update for Visual Studio 2022 (Oct 2022) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application installed that is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Visual Studio Products installed on the remote macOS or Mac OS X host is missing a security update.\nIt is, therefore, affected by an escalation of privilege vulnerability. A local attacker can gain the privileges of\nthe user running the Microsoft Visual Studio Application.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported\nversion\");\n # https://learn.microsoft.com/en-us/visualstudio/releases/2022/mac-release-notes#1737--visual-studio-2022-for-mac-v1737-newreleasebutton\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6aebfb11\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released Visual Studio 2022 version 17.3.8 build 5 to address this issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:visual_studio\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"visual_studio_mac_installed.nbin\");\n script_require_keys(\"installed_sw/Visual Studio\", \"Host/local_checks_enabled\", \"Host/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/MacOSX/Version')) audit(AUDIT_OS_NOT, 'macOS / Mac OS X');\n\nvar app_info = vcf::get_app_info(app:'Visual Studio');\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nvar constraints = [ {'min_version': '17.3', 'fixed_version': '17.3.8'} ];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:34:14", "description": "A privilege escalation vulnerability exists in .NET core 6.0 < 6.0.10 and .NET Core 3.1 < 3.1.30. An authenticated, local attacker can exploit this, via the NuGet client, to cause the user to execute arbitrary code.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-12T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft .NET Core (October 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2022-12-15T00:00:00", "cpe": ["cpe:/a:microsoft:.net_core"], "id": "SMB_NT_MS22_OCT_DOTNET_CORE.NASL", "href": "https://www.tenable.com/plugins/nessus/166054", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc. \n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166054);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/15\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"MSKB\", value:\"5019349\");\n script_xref(name:\"MSKB\", value:\"5019351\");\n script_xref(name:\"MSFT\", value:\"MS22-5019349\");\n script_xref(name:\"MSFT\", value:\"MS22-5019351\");\n script_xref(name:\"IAVA\", value:\"2022-A-0411-S\");\n\n script_name(english:\"Security Updates for Microsoft .NET Core (October 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft .NET core installations on the remote host are affected by a privilege escalation vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"A privilege escalation vulnerability exists in .NET core 6.0 < 6.0.10 and .NET Core 3.1 < 3.1.30. An authenticated,\nlocal attacker can exploit this, via the NuGet client, to cause the user to execute arbitrary code.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5019349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5019351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dotnet.microsoft.com/download/dotnet/3.1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://dotnet.microsoft.com/download/dotnet/6.0\");\n # https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.30/3.1.30.md\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1a5250e3\");\n # https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.10/6.0.10.md\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0eafd070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/dotnet/core/issues/7864\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update .NET Core Runtime to version 3.1.30 or 6.0.10.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_core\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_dotnet_core_win.nbin\", \"macosx_dotnet_core_installed.nbin\");\n script_require_ports(\"installed_sw/.NET Core Windows\", \"installed_sw/.NET Core MacOS\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvar app;\nvar win_local;\n\nif (!empty_or_null(get_kb_item('SMB/Registry/Enumerated')))\n{\n app = '.NET Core Windows';\n win_local = TRUE;\n}\nelse if (!empty_or_null(get_kb_item('Host/MacOSX/Version')))\n{\n app = '.NET Core MacOS';\n win_local = FALSE;\n}\nelse\n audit(AUDIT_HOST_NOT, 'Windows or macOS');\n\nvar app_info = vcf::get_app_info(app:app, win_local:win_local);\nvar constraints = [\n {'min_version': '3.1', 'fixed_version': '3.1.30'},\n {'min_version': '6.0', 'fixed_version': '6.0.10'}\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:39:31", "description": "The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:8434 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-18T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : dotnet7.0 (ALSA-2022:8434)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2022-11-18T00:00:00", "cpe": ["p-cpe:/a:alma:linux:aspnetcore-runtime-7.0", "p-cpe:/a:alma:linux:aspnetcore-targeting-pack-7.0", "p-cpe:/a:alma:linux:dotnet-apphost-pack-7.0", "p-cpe:/a:alma:linux:dotnet-host", "p-cpe:/a:alma:linux:dotnet-hostfxr-7.0", "p-cpe:/a:alma:linux:dotnet-runtime-7.0", "p-cpe:/a:alma:linux:dotnet-sdk-7.0", "p-cpe:/a:alma:linux:dotnet-sdk-7.0-source-built-artifacts", "p-cpe:/a:alma:linux:dotnet-targeting-pack-7.0", "p-cpe:/a:alma:linux:dotnet-templates-7.0", "p-cpe:/a:alma:linux:netstandard-targeting-pack-2.1", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::appstream", "cpe:/o:alma:linux:9::crb"], "id": "ALMA_LINUX_ALSA-2022-8434.NASL", "href": "https://www.tenable.com/plugins/nessus/167833", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:8434.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167833);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/18\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"ALSA\", value:\"2022:8434\");\n\n script_name(english:\"AlmaLinux 9 : dotnet7.0 (ALSA-2022:8434)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2022:8434 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2022-8434.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(524);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:aspnetcore-runtime-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:aspnetcore-targeting-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-apphost-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-hostfxr-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-runtime-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-sdk-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-sdk-7.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-targeting-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-templates-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::crb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-7.0-7.0.0-0.5.rc2.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-7.0-7.0.0-0.5.rc2.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-7.0-7.0.0-0.5.rc2.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-7.0-7.0.0-0.5.rc2.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-7.0-7.0.0-0.5.rc2.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-7.0-7.0.0-0.5.rc2.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-7.0.0-0.5.rc2.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-7.0.0-0.5.rc2.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-7.0-7.0.0-0.5.rc2.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-7.0-7.0.0-0.5.rc2.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-7.0-7.0.0-0.5.rc2.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-7.0-7.0.0-0.5.rc2.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-7.0.100-0.5.rc2.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-7.0.100-0.5.rc2.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-source-built-artifacts-7.0.100-0.5.rc2.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-source-built-artifacts-7.0.100-0.5.rc2.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-7.0-7.0.0-0.5.rc2.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-7.0-7.0.0-0.5.rc2.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-7.0-7.0.100-0.5.rc2.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-7.0-7.0.100-0.5.rc2.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-7.0.100-0.5.rc2.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-7.0.100-0.5.rc2.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-7.0 / aspnetcore-targeting-pack-7.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-04T04:53:54", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8434 advisory.\n\n - dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "RHEL 9 : dotnet7.0 (RHSA-2022:8434)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-7.0", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-7.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-7.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-host", "p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-7.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-7.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-7.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-7.0-source-built-artifacts", "p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-7.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-templates-7.0", "p-cpe:/a:redhat:enterprise_linux:netstandard-targeting-pack-2.1"], "id": "REDHAT-RHSA-2022-8434.NASL", "href": "https://www.tenable.com/plugins/nessus/167645", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:8434. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167645);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"RHSA\", value:\"2022:8434\");\n\n script_name(english:\"RHEL 9 : dotnet7.0 (RHSA-2022:8434)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:8434 advisory.\n\n - dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:8434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2132614\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(524);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-7.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-templates-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel9/9/aarch64/appstream/debug',\n 'content/dist/rhel9/9/aarch64/appstream/os',\n 'content/dist/rhel9/9/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/baseos/debug',\n 'content/dist/rhel9/9/aarch64/baseos/os',\n 'content/dist/rhel9/9/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/codeready-builder/debug',\n 'content/dist/rhel9/9/aarch64/codeready-builder/os',\n 'content/dist/rhel9/9/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/highavailability/debug',\n 'content/dist/rhel9/9/aarch64/highavailability/os',\n 'content/dist/rhel9/9/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/supplementary/debug',\n 'content/dist/rhel9/9/aarch64/supplementary/os',\n 'content/dist/rhel9/9/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/appstream/debug',\n 'content/dist/rhel9/9/ppc64le/appstream/os',\n 'content/dist/rhel9/9/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/baseos/debug',\n 'content/dist/rhel9/9/ppc64le/baseos/os',\n 'content/dist/rhel9/9/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/debug',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/os',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/highavailability/debug',\n 'content/dist/rhel9/9/ppc64le/highavailability/os',\n 'content/dist/rhel9/9/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/debug',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/os',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/debug',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/os',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap/debug',\n 'content/dist/rhel9/9/ppc64le/sap/os',\n 'content/dist/rhel9/9/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/supplementary/debug',\n 'content/dist/rhel9/9/ppc64le/supplementary/os',\n 'content/dist/rhel9/9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/s390x/appstream/debug',\n 'content/dist/rhel9/9/s390x/appstream/os',\n 'content/dist/rhel9/9/s390x/appstream/source/SRPMS',\n 'content/dist/rhel9/9/s390x/baseos/debug',\n 'content/dist/rhel9/9/s390x/baseos/os',\n 'content/dist/rhel9/9/s390x/baseos/source/SRPMS',\n 'content/dist/rhel9/9/s390x/codeready-builder/debug',\n 'content/dist/rhel9/9/s390x/codeready-builder/os',\n 'content/dist/rhel9/9/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/s390x/highavailability/debug',\n 'content/dist/rhel9/9/s390x/highavailability/os',\n 'content/dist/rhel9/9/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/s390x/resilientstorage/debug',\n 'content/dist/rhel9/9/s390x/resilientstorage/os',\n 'content/dist/rhel9/9/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/s390x/sap/debug',\n 'content/dist/rhel9/9/s390x/sap/os',\n 'content/dist/rhel9/9/s390x/sap/source/SRPMS',\n 'content/dist/rhel9/9/s390x/supplementary/debug',\n 'content/dist/rhel9/9/s390x/supplementary/os',\n 'content/dist/rhel9/9/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/appstream/debug',\n 'content/dist/rhel9/9/x86_64/appstream/os',\n 'content/dist/rhel9/9/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/baseos/debug',\n 'content/dist/rhel9/9/x86_64/baseos/os',\n 'content/dist/rhel9/9/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/codeready-builder/debug',\n 'content/dist/rhel9/9/x86_64/codeready-builder/os',\n 'content/dist/rhel9/9/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/highavailability/debug',\n 'content/dist/rhel9/9/x86_64/highavailability/os',\n 'content/dist/rhel9/9/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/nfv/debug',\n 'content/dist/rhel9/9/x86_64/nfv/os',\n 'content/dist/rhel9/9/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/resilientstorage/debug',\n 'content/dist/rhel9/9/x86_64/resilientstorage/os',\n 'content/dist/rhel9/9/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/rt/debug',\n 'content/dist/rhel9/9/x86_64/rt/os',\n 'content/dist/rhel9/9/x86_64/rt/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap-solutions/debug',\n 'content/dist/rhel9/9/x86_64/sap-solutions/os',\n 'content/dist/rhel9/9/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap/debug',\n 'content/dist/rhel9/9/x86_64/sap/os',\n 'content/dist/rhel9/9/x86_64/sap/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/supplementary/debug',\n 'content/dist/rhel9/9/x86_64/supplementary/os',\n 'content/dist/rhel9/9/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-7.0-7.0.0-0.5.rc2.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-7.0-7.0.0-0.5.rc2.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-7.0-7.0.0-0.5.rc2.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-7.0.0-0.5.rc2.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-7.0-7.0.0-0.5.rc2.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-7.0-7.0.0-0.5.rc2.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-7.0.100-0.5.rc2.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-source-built-artifacts-7.0.100-0.5.rc2.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-7.0-7.0.0-0.5.rc2.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-7.0-7.0.100-0.5.rc2.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-7.0.100-0.5.rc2.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-7.0 / aspnetcore-targeting-pack-7.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:43:50", "description": "The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-f9ca76e479 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-22T00:00:00", "type": "nessus", "title": "Fedora 36 : dotnet3.1 (2022-f9ca76e479)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2022-12-22T00:00:00", "cpe": ["p-cpe:2.3:a:fedoraproject:fedora:dotnet3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"], "id": "FEDORA_2022-F9CA76E479.NASL", "href": "https://www.tenable.com/plugins/nessus/169060", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-f9ca76e479\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169060);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/22\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"FEDORA\", value:\"2022-f9ca76e479\");\n\n script_name(english:\"Fedora 36 : dotnet3.1 (2022-f9ca76e479)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the\nFEDORA-2022-f9ca76e479 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-f9ca76e479\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected dotnet3.1 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dotnet3.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^36([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'dotnet3.1-3.1.424-1.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dotnet3.1');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:40:31", "description": "The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:6913 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : .NET 6.0 (ALSA-2022:6913)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2022-11-30T00:00:00", "cpe": ["p-cpe:/a:alma:linux:aspnetcore-runtime-6.0", "p-cpe:/a:alma:linux:aspnetcore-targeting-pack-6.0", "p-cpe:/a:alma:linux:dotnet-apphost-pack-6.0", "p-cpe:/a:alma:linux:dotnet-host", "p-cpe:/a:alma:linux:dotnet-hostfxr-6.0", "p-cpe:/a:alma:linux:dotnet-runtime-6.0", "p-cpe:/a:alma:linux:dotnet-sdk-6.0", "p-cpe:/a:alma:linux:dotnet-sdk-6.0-source-built-artifacts", "p-cpe:/a:alma:linux:dotnet-targeting-pack-6.0", "p-cpe:/a:alma:linux:dotnet-templates-6.0", "p-cpe:/a:alma:linux:netstandard-targeting-pack-2.1", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::appstream", "cpe:/o:alma:linux:9::crb"], "id": "ALMA_LINUX_ALSA-2022-6913.NASL", "href": "https://www.tenable.com/plugins/nessus/167717", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:6913.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167717);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/30\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"ALSA\", value:\"2022:6913\");\n\n script_name(english:\"AlmaLinux 9 : .NET 6.0 (ALSA-2022:6913)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2022:6913 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2022-6913.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(524);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:aspnetcore-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:aspnetcore-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-apphost-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-hostfxr-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-sdk-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-sdk-6.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-templates-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::crb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-6.0 / aspnetcore-targeting-pack-6.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:41:18", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7826 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-14T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : dotnet7.0 (ALSA-2022:7826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2022-11-30T00:00:00", "cpe": ["p-cpe:/a:alma:linux:aspnetcore-runtime-7.0", "p-cpe:/a:alma:linux:aspnetcore-targeting-pack-7.0", "p-cpe:/a:alma:linux:dotnet", "p-cpe:/a:alma:linux:dotnet-apphost-pack-7.0", "p-cpe:/a:alma:linux:dotnet-host", "p-cpe:/a:alma:linux:dotnet-hostfxr-7.0", "p-cpe:/a:alma:linux:dotnet-runtime-7.0", "p-cpe:/a:alma:linux:dotnet-sdk-7.0", "p-cpe:/a:alma:linux:dotnet-sdk-7.0-source-built-artifacts", "p-cpe:/a:alma:linux:dotnet-targeting-pack-7.0", "p-cpe:/a:alma:linux:dotnet-templates-7.0", "p-cpe:/a:alma:linux:netstandard-targeting-pack-2.1", "cpe:/o:alma:linux:8", "cpe:/o:alma:linux:8::appstream", "cpe:/o:alma:linux:8::powertools"], "id": "ALMA_LINUX_ALSA-2022-7826.NASL", "href": "https://www.tenable.com/plugins/nessus/167443", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7826.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167443);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/30\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"ALSA\", value:\"2022:7826\");\n\n script_name(english:\"AlmaLinux 8 : dotnet7.0 (ALSA-2022:7826)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2022:7826 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-7826.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(524);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:aspnetcore-runtime-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:aspnetcore-targeting-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-apphost-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-hostfxr-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-runtime-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-sdk-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-sdk-7.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-targeting-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:dotnet-templates-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::powertools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-7.0-7.0.0-0.4.rc2.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-7.0-7.0.0-0.4.rc2.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-7.0-7.0.0-0.4.rc2.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-7.0-7.0.0-0.4.rc2.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-7.0.100-0.4.rc2.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-7.0.100-0.4.rc2.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-7.0-7.0.0-0.4.rc2.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-7.0-7.0.0-0.4.rc2.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-7.0.0-0.4.rc2.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-7.0.0-0.4.rc2.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-7.0-7.0.0-0.4.rc2.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-7.0-7.0.0-0.4.rc2.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-7.0-7.0.0-0.4.rc2.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-7.0-7.0.0-0.4.rc2.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-7.0.100-0.4.rc2.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-7.0.100-0.4.rc2.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-source-built-artifacts-7.0.100-0.4.rc2.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-source-built-artifacts-7.0.100-0.4.rc2.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-7.0-7.0.0-0.4.rc2.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-7.0-7.0.0-0.4.rc2.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-7.0-7.0.100-0.4.rc2.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-7.0-7.0.100-0.4.rc2.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-7.0.100-0.4.rc2.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-7.0.100-0.4.rc2.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-7.0 / aspnetcore-targeting-pack-7.0 / dotnet / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:39:09", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7826 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : dotnet7.0 (ELSA-2022-7826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2022-11-30T00:00:00", "cpe": ["cpe:2.3:o:oracle:linux:8:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-host:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:netstandard-targeting-pack-2.1:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:aspnetcore-runtime-7.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:aspnetcore-targeting-pack-7.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-apphost-pack-7.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-hostfxr-7.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-runtime-7.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-sdk-7.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-sdk-7.0-source-built-artifacts:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-targeting-pack-7.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-templates-7.0:*:*:*:*:*:*:*"], "id": "ORACLELINUX_ELSA-2022-7826.NASL", "href": "https://www.tenable.com/plugins/nessus/167784", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-7826.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167784);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/30\");\n\n script_cve_id(\"CVE-2022-41032\");\n\n script_name(english:\"Oracle Linux 8 : dotnet7.0 (ELSA-2022-7826)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-7826 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-7826.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-runtime-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-apphost-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-hostfxr-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-runtime-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-7.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-targeting-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-templates-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netstandard-targeting-pack-2.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-7.0-7.0.0-0.4.rc2.0.1.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-7.0-7.0.0-0.4.rc2.0.1.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-7.0-7.0.0-0.4.rc2.0.1.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-7.0-7.0.0-0.4.rc2.0.1.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-7.0.100-0.4.rc2.0.1.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-7.0.100-0.4.rc2.0.1.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-7.0-7.0.0-0.4.rc2.0.1.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-7.0-7.0.0-0.4.rc2.0.1.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-7.0.0-0.4.rc2.0.1.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-7.0.0-0.4.rc2.0.1.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-7.0-7.0.0-0.4.rc2.0.1.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-7.0-7.0.0-0.4.rc2.0.1.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-7.0-7.0.0-0.4.rc2.0.1.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-7.0-7.0.0-0.4.rc2.0.1.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-7.0.100-0.4.rc2.0.1.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-7.0.100-0.4.rc2.0.1.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-source-built-artifacts-7.0.100-0.4.rc2.0.1.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-source-built-artifacts-7.0.100-0.4.rc2.0.1.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-7.0-7.0.0-0.4.rc2.0.1.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-7.0-7.0.0-0.4.rc2.0.1.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-7.0-7.0.100-0.4.rc2.0.1.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-7.0-7.0.100-0.4.rc2.0.1.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-7.0.100-0.4.rc2.0.1.el8_7', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-7.0.100-0.4.rc2.0.1.el8_7', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-7.0 / aspnetcore-targeting-pack-7.0 / dotnet / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-04T08:19:16", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7826 advisory.\n\n - dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T00:00:00", "type": "nessus", "title": "RHEL 8 : dotnet7.0 (RHSA-2022:7826)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-7.0", "p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-7.0", "p-cpe:/a:redhat:enterprise_linux:dotnet", "p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-7.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-host", "p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-7.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-7.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-7.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-7.0-source-built-artifacts", "p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-7.0", "p-cpe:/a:redhat:enterprise_linux:dotnet-templates-7.0", "p-cpe:/a:redhat:enterprise_linux:netstandard-targeting-pack-2.1"], "id": "REDHAT-RHSA-2022-7826.NASL", "href": "https://www.tenable.com/plugins/nessus/167086", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7826. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167086);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"RHSA\", value:\"2022:7826\");\n\n script_name(english:\"RHEL 8 : dotnet7.0 (RHSA-2022:7826)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:7826 advisory.\n\n - dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-41032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2132614\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(524);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-runtime-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:aspnetcore-targeting-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-apphost-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-hostfxr-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-runtime-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-sdk-7.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-targeting-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:dotnet-templates-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'aspnetcore-runtime-7.0-7.0.0-0.4.rc2.el8_7', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-7.0-7.0.0-0.4.rc2.el8_7', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-7.0.100-0.4.rc2.el8_7', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-7.0-7.0.0-0.4.rc2.el8_7', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-7.0.0-0.4.rc2.el8_7', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-7.0-7.0.0-0.4.rc2.el8_7', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-7.0-7.0.0-0.4.rc2.el8_7', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-7.0.100-0.4.rc2.el8_7', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-source-built-artifacts-7.0.100-0.4.rc2.el8_7', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-7.0-7.0.0-0.4.rc2.el8_7', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-7.0-7.0.100-0.4.rc2.el8_7', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-7.0.100-0.4.rc2.el8_7', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-7.0 / aspnetcore-targeting-pack-7.0 / dotnet / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:41:10", "description": "The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-8434 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-29T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : dotnet7.0 (ELSA-2022-8434)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2022-11-29T00:00:00", "cpe": ["p-cpe:2.3:a:oracle:linux:dotnet-host:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:netstandard-targeting-pack-2.1:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:9:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:aspnetcore-runtime-7.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:aspnetcore-targeting-pack-7.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-apphost-pack-7.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-hostfxr-7.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-runtime-7.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-sdk-7.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-sdk-7.0-source-built-artifacts:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-targeting-pack-7.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:dotnet-templates-7.0:*:*:*:*:*:*:*"], "id": "ORACLELINUX_ELSA-2022-8434.NASL", "href": "https://www.tenable.com/plugins/nessus/168235", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-8434.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168235);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/29\");\n\n script_cve_id(\"CVE-2022-41032\");\n\n script_name(english:\"Oracle Linux 9 : dotnet7.0 (ELSA-2022-8434)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-8434 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-8434.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-runtime-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:aspnetcore-targeting-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-apphost-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-hostfxr-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-runtime-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-sdk-7.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-targeting-pack-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dotnet-templates-7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:netstandard-targeting-pack-2.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-7.0-7.0.0-0.5.rc2.0.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-7.0-7.0.0-0.5.rc2.0.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-7.0-7.0.0-0.5.rc2.0.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-7.0-7.0.0-0.5.rc2.0.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-7.0-7.0.0-0.5.rc2.0.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-7.0-7.0.0-0.5.rc2.0.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-7.0.0-0.5.rc2.0.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-7.0.0-0.5.rc2.0.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-7.0-7.0.0-0.5.rc2.0.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-7.0-7.0.0-0.5.rc2.0.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-7.0-7.0.0-0.5.rc2.0.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-7.0-7.0.0-0.5.rc2.0.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-7.0.100-0.5.rc2.0.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-7.0.100-0.5.rc2.0.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-source-built-artifacts-7.0.100-0.5.rc2.0.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-7.0-source-built-artifacts-7.0.100-0.5.rc2.0.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-7.0-7.0.0-0.5.rc2.0.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-7.0-7.0.0-0.5.rc2.0.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-7.0-7.0.100-0.5.rc2.0.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-7.0-7.0.100-0.5.rc2.0.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-7.0.100-0.5.rc2.0.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-7.0.100-0.5.rc2.0.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-7.0 / aspnetcore-targeting-pack-7.0 / dotnet-apphost-pack-7.0 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:42:48", "description": "The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-7f5f9ede26 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-23T00:00:00", "type": "nessus", "title": "Fedora 35 : dotnet3.1 (2022-7f5f9ede26)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2022-12-23T00:00:00", "cpe": ["p-cpe:2.3:a:fedoraproject:fedora:dotnet3.1:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"], "id": "FEDORA_2022-7F5F9EDE26.NASL", "href": "https://www.tenable.com/plugins/nessus/169213", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-7f5f9ede26\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169213);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/23\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"FEDORA\", value:\"2022-7f5f9ede26\");\n\n script_name(english:\"Fedora 35 : dotnet3.1 (2022-7f5f9ede26)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 35 host has a package installed that is affected by a vulnerability as referenced in the\nFEDORA-2022-7f5f9ede26 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-7f5f9ede26\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected dotnet3.1 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dotnet3.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^35([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 35', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'dotnet3.1-3.1.424-1.fc35', 'release':'FC35', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dotnet3.1');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-21T22:36:35", "description": "The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6911 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-17T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : .NET 6.0 (RLSA-2022:6911)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:aspnetcore-runtime-6.0", "p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-6.0", "p-cpe:/a:rocky:linux:dotnet", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-6.0", "p-cpe:/a:rocky:linux:dotnet-apphost-pack-6.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-host", "p-cpe:/a:rocky:linux:dotnet-host-debuginfo", "p-cpe:/a:rocky:linux:dotnet-hostfxr-6.0", "p-cpe:/a:rocky:linux:dotnet-hostfxr-6.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-runtime-6.0", "p-cpe:/a:rocky:linux:dotnet-runtime-6.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-sdk-6.0", "p-cpe:/a:rocky:linux:dotnet-sdk-6.0-debuginfo", "p-cpe:/a:rocky:linux:dotnet-sdk-6.0-source-built-artifacts", "p-cpe:/a:rocky:linux:dotnet-targeting-pack-6.0", "p-cpe:/a:rocky:linux:dotnet-templates-6.0", "p-cpe:/a:rocky:linux:dotnet6.0-debuginfo", "p-cpe:/a:rocky:linux:netstandard-targeting-pack-2.1", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-6911.NASL", "href": "https://www.tenable.com/plugins/nessus/167824", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:6911.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167824);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-41032\");\n script_xref(name:\"RLSA\", value:\"2022:6911\");\n\n script_name(english:\"Rocky Linux 8 : .NET 6.0 (RLSA-2022:6911)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nRLSA-2022:6911 advisory.\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:6911\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:aspnetcore-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-apphost-pack-6.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-host-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-hostfxr-6.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-runtime-6.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-6.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-sdk-6.0-source-built-artifacts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-targeting-pack-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet-templates-6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:dotnet6.0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:netstandard-targeting-pack-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-runtime-6.0-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'aspnetcore-targeting-pack-6.0-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-6.0.110-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-debuginfo-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-apphost-pack-6.0-debuginfo-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-debuginfo-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-host-debuginfo-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-debuginfo-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-hostfxr-6.0-debuginfo-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-debuginfo-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-runtime-6.0-debuginfo-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-6.0.110-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-debuginfo-6.0.110-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-debuginfo-6.0.110-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-sdk-6.0-source-built-artifacts-6.0.110-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-targeting-pack-6.0-6.0.10-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet-templates-6.0-6.0.110-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet6.0-debuginfo-6.0.110-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dotnet6.0-debuginfo-6.0.110-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'netstandard-targeting-pack-2.1-6.0.110-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aspnetcore-runtime-6.0 / aspnetcore-targeting-pack-6.0 / dotnet / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-10T19:44:30", "description": "The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-d80b1d2827 advisory.\n\n - .NET Core and Visual Studio Denial of Service Vulnerability. (CVE-2022-38013)\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-22T00:00:00", "type": "nessus", "title": "Fedora 36 : dotnet6.0 (2022-d80b1d2827)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-38013", "CVE-2022-41032"], "modified": "2022-12-22T00:00:00", "cpe": ["cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "p-cpe:2.3:a:fedoraproject:fedora:dotnet6.0:*:*:*:*:*:*:*"], "id": "FEDORA_2022-D80B1D2827.NASL", "href": "https://www.tenable.com/plugins/nessus/169167", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-d80b1d2827\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169167);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/22\");\n\n script_cve_id(\"CVE-2022-38013\", \"CVE-2022-41032\");\n script_xref(name:\"FEDORA\", value:\"2022-d80b1d2827\");\n\n script_name(english:\"Fedora 36 : dotnet6.0 (2022-d80b1d2827)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2022-d80b1d2827 advisory.\n\n - .NET Core and Visual Studio Denial of Service Vulnerability. (CVE-2022-38013)\n\n - NuGet Client Elevation of Privilege Vulnerability. (CVE-2022-41032)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-d80b1d2827\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected dotnet6.0 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-41032\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dotnet6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^36([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'dotnet6.0-6.0.109-1.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dotnet6.0');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-25T14:25:48", "description": "The remote Windows host is missing security update 5018479. It is, therefore, affected by multiple vulnerabilities\n\n - Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040)\n\n - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2022-37982, CVE-2022-38031)\n\n - Active Directory Certificate Services Elevation of Privilege Vulnerability (CVE-2022-37976)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T00:00:00", "type": "nessus", "title": "KB5018479: Windows Server 2008 R2 Security Update (October 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-33635", "CVE-2022-33645", "CVE-2022-35770", "CVE-2022-37975", "CVE-2022-37976", "CVE-2022-37977", "CVE-2022-37978", "CVE-2022-37981", "CVE-2022-37982", "CVE-2022-37985", "CVE-2022-37986", "CVE-2022-37987", "CVE-2022-37988", "CVE-2022-37989", "CVE-2022-37990", "CVE-2022-37991", "CVE-2022-37993", "CVE-2022-37994", "CVE-2022-37997", "CVE-2022-37999", "CVE-2022-38000", "CVE-2022-38022", "CVE-2022-38026", "CVE-2022-38029", "CVE-2022-38031", "CVE-2022-38032", "CVE-2022-38033", "CVE-2022-38034", "CVE-2022-38037", "CVE-2022-38038", "CVE-2022-38040", "CVE-2022-38041", "CVE-2022-38042", "CVE-2022-38043", "CVE-2022-38044", "CVE-2022-38047", "CVE-2022-38051", "CVE-2022-41033", "CVE-2022-41081"], "modified": "2023-02-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_OCT_5018479.NASL", "href": "https://www.tenable.com/plugins/nessus/166024", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166024);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2022-22035\",\n \"CVE-2022-24504\",\n \"CVE-2022-30198\",\n \"CVE-2022-33634\",\n \"CVE-2022-33635\",\n \"CVE-2022-33645\",\n \"CVE-2022-35770\",\n \"CVE-2022-37975\",\n \"CVE-2022-37976\",\n \"CVE-2022-37977\",\n \"CVE-2022-37978\",\n \"CVE-2022-37981\",\n \"CVE-2022-37982\",\n \"CVE-2022-37985\",\n \"CVE-2022-37986\",\n \"CVE-2022-37987\",\n \"CVE-2022-37988\",\n \"CVE-2022-37989\",\n \"CVE-2022-37990\",\n \"CVE-2022-37991\",\n \"CVE-2022-37993\",\n \"CVE-2022-37994\",\n \"CVE-2022-37997\",\n \"CVE-2022-37999\",\n \"CVE-2022-38000\",\n \"CVE-2022-38022\",\n \"CVE-2022-38026\",\n \"CVE-2022-38029\",\n \"CVE-2022-38031\",\n \"CVE-2022-38032\",\n \"CVE-2022-38033\",\n \"CVE-2022-38034\",\n \"CVE-2022-38037\",\n \"CVE-2022-38038\",\n \"CVE-2022-38040\",\n \"CVE-2022-38041\",\n \"CVE-2022-38042\",\n \"CVE-2022-38043\",\n \"CVE-2022-38044\",\n \"CVE-2022-38047\",\n \"CVE-2022-38051\",\n \"CVE-2022-41033\",\n \"CVE-2022-41081\"\n );\n script_xref(name:\"MSKB\", value:\"5018454\");\n script_xref(name:\"MSKB\", value:\"5018479\");\n script_xref(name:\"MSFT\", value:\"MS22-5018454\");\n script_xref(name:\"MSFT\", value:\"MS22-5018479\");\n script_xref(name:\"IAVA\", value:\"2022-A-0408-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0409-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/11/01\");\n\n script_name(english:\"KB5018479: Windows Server 2008 R2 Security Update (October 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5018479. It is, therefore, affected by multiple vulnerabilities\n\n - Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040)\n\n - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2022-37982,\n CVE-2022-38031)\n\n - Active Directory Certificate Services Elevation of Privilege Vulnerability (CVE-2022-37976)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5018454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5018479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5018454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5018479\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5018479 or Cumulative Update 5018454\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-38040\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-10';\nkbs = make_list(\n '5018479',\n '5018454'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1',\n sp:1,\n rollup_date:'10_2022',\n bulletin:bulletin,\n rollup_kb_list:[5018479, 5018454])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-25T16:31:44", "description": "The remote Windows host is missing security update 5018411. It is, therefore, affected by multiple vulnerabilities\n\n - Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045)\n\n - Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040)\n\n - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2022-37982, CVE-2022-38031)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T00:00:00", "type": "nessus", "title": "KB5018411: Windows 10 Version 1607 and Windows Server 2016 Security Update (October 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-33635", "CVE-2022-33645", "CVE-2022-35770", "CVE-2022-37965", "CVE-2022-37975", "CVE-2022-37976", "CVE-2022-37977", "CVE-2022-37978", "CVE-2022-37979", "CVE-2022-37981", "CVE-2022-37982", "CVE-2022-37984", "CVE-2022-37985", "CVE-2022-37986", "CVE-2022-37987", "CVE-2022-37988", "CVE-2022-37989", "CVE-2022-37990", "CVE-2022-37991", "CVE-2022-37993", "CVE-2022-37994", "CVE-2022-37995", "CVE-2022-37996", "CVE-2022-37997", "CVE-2022-37999", "CVE-2022-38000", "CVE-2022-38003", "CVE-2022-38021", "CVE-2022-38022", "CVE-2022-38026", "CVE-2022-38027", "CVE-2022-38028", "CVE-2022-38029", "CVE-2022-38031", "CVE-2022-38032", "CVE-2022-38033", "CVE-2022-38034", "CVE-2022-38037", "CVE-2022-38038", "CVE-2022-38040", "CVE-2022-38041", "CVE-2022-38042", "CVE-2022-38043", "CVE-2022-38044", "CVE-2022-38045", "CVE-2022-38047", "CVE-2022-38051", "CVE-2022-41033", "CVE-2022-41081"], "modified": "2023-02-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_OCT_5018411.NASL", "href": "https://www.tenable.com/plugins/nessus/166039", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166039);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2022-22035\",\n \"CVE-2022-24504\",\n \"CVE-2022-30198\",\n \"CVE-2022-33634\",\n \"CVE-2022-33635\",\n \"CVE-2022-33645\",\n \"CVE-2022-35770\",\n \"CVE-2022-37965\",\n \"CVE-2022-37975\",\n \"CVE-2022-37976\",\n \"CVE-2022-37977\",\n \"CVE-2022-37978\",\n \"CVE-2022-37979\",\n \"CVE-2022-37981\",\n \"CVE-2022-37982\",\n \"CVE-2022-37984\",\n \"CVE-2022-37985\",\n \"CVE-2022-37986\",\n \"CVE-2022-37987\",\n \"CVE-2022-37988\",\n \"CVE-2022-37989\",\n \"CVE-2022-37990\",\n \"CVE-2022-37991\",\n \"CVE-2022-37993\",\n \"CVE-2022-37994\",\n \"CVE-2022-37995\",\n \"CVE-2022-37996\",\n \"CVE-2022-37997\",\n \"CVE-2022-37999\",\n \"CVE-2022-38000\",\n \"CVE-2022-38003\",\n \"CVE-2022-38021\",\n \"CVE-2022-38022\",\n \"CVE-2022-38026\",\n \"CVE-2022-38027\",\n \"CVE-2022-38028\",\n \"CVE-2022-38029\",\n \"CVE-2022-38031\",\n \"CVE-2022-38032\",\n \"CVE-2022-38033\",\n \"CVE-2022-38034\",\n \"CVE-2022-38037\",\n \"CVE-2022-38038\",\n \"CVE-2022-38040\",\n \"CVE-2022-38041\",\n \"CVE-2022-38042\",\n \"CVE-2022-38043\",\n \"CVE-2022-38044\",\n \"CVE-2022-38045\",\n \"CVE-2022-38047\",\n \"CVE-2022-38051\",\n \"CVE-2022-41033\",\n \"CVE-2022-41081\"\n );\n script_xref(name:\"MSKB\", value:\"5018411\");\n script_xref(name:\"MSFT\", value:\"MS22-5018411\");\n script_xref(name:\"IAVA\", value:\"2022-A-0408-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0409-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/11/01\");\n\n script_name(english:\"KB5018411: Windows 10 Version 1607 and Windows Server 2016 Security Update (October 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5018411. It is, therefore, affected by multiple vulnerabilities\n\n - Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045)\n\n - Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040)\n\n - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2022-37982,\n CVE-2022-38031)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5018411\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5018411\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-38040\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-38045\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-10';\nkbs = make_list(\n '5018411'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:14393,\n rollup_date:'10_2022',\n bulletin:bulletin,\n rollup_kb_list:[5018411])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-25T16:31:59", "description": "The remote Windows host is missing security update 5018478. It is, therefore, affected by multiple vulnerabilities\n\n - Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045)\n\n - Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040)\n\n - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2022-37982, CVE-2022-38031)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T00:00:00", "type": "nessus", "title": "KB5018478: Windows Server 2012 Security Update (October 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-33635", "CVE-2022-33645", "CVE-2022-35770", "CVE-2022-37965", "CVE-2022-37975", "CVE-2022-37976", "CVE-2022-37977", "CVE-2022-37978", "CVE-2022-37981", "CVE-2022-37982", "CVE-2022-37984", "CVE-2022-37985", "CVE-2022-37986", "CVE-2022-37987", "CVE-2022-37988", "CVE-2022-37989", "CVE-2022-37990", "CVE-2022-37991", "CVE-2022-37993", "CVE-2022-37994", "CVE-2022-37997", "CVE-2022-37999", "CVE-2022-38000", "CVE-2022-38022", "CVE-2022-38026", "CVE-2022-38027", "CVE-2022-38028", "CVE-2022-38029", "CVE-2022-38031", "CVE-2022-38032", "CVE-2022-38033", "CVE-2022-38034", "CVE-2022-38037", "CVE-2022-38038", "CVE-2022-38040", "CVE-2022-38041", "CVE-2022-38042", "CVE-2022-38043", "CVE-2022-38044", "CVE-2022-38045", "CVE-2022-38047", "CVE-2022-38051", "CVE-2022-41033", "CVE-2022-41081"], "modified": "2023-02-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_OCT_5018478.NASL", "href": "https://www.tenable.com/plugins/nessus/166029", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166029);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2022-22035\",\n \"CVE-2022-24504\",\n \"CVE-2022-30198\",\n \"CVE-2022-33634\",\n \"CVE-2022-33635\",\n \"CVE-2022-33645\",\n \"CVE-2022-35770\",\n \"CVE-2022-37965\",\n \"CVE-2022-37975\",\n \"CVE-2022-37976\",\n \"CVE-2022-37977\",\n \"CVE-2022-37978\",\n \"CVE-2022-37981\",\n \"CVE-2022-37982\",\n \"CVE-2022-37984\",\n \"CVE-2022-37985\",\n \"CVE-2022-37986\",\n \"CVE-2022-37987\",\n \"CVE-2022-37988\",\n \"CVE-2022-37989\",\n \"CVE-2022-37990\",\n \"CVE-2022-37991\",\n \"CVE-2022-37993\",\n \"CVE-2022-37994\",\n \"CVE-2022-37997\",\n \"CVE-2022-37999\",\n \"CVE-2022-38000\",\n \"CVE-2022-38022\",\n \"CVE-2022-38026\",\n \"CVE-2022-38027\",\n \"CVE-2022-38028\",\n \"CVE-2022-38029\",\n \"CVE-2022-38031\",\n \"CVE-2022-38032\",\n \"CVE-2022-38033\",\n \"CVE-2022-38034\",\n \"CVE-2022-38037\",\n \"CVE-2022-38038\",\n \"CVE-2022-38040\",\n \"CVE-2022-38041\",\n \"CVE-2022-38042\",\n \"CVE-2022-38043\",\n \"CVE-2022-38044\",\n \"CVE-2022-38045\",\n \"CVE-2022-38047\",\n \"CVE-2022-38051\",\n \"CVE-2022-41033\",\n \"CVE-2022-41081\"\n );\n script_xref(name:\"MSKB\", value:\"5018457\");\n script_xref(name:\"MSKB\", value:\"5018478\");\n script_xref(name:\"MSFT\", value:\"MS22-5018457\");\n script_xref(name:\"MSFT\", value:\"MS22-5018478\");\n script_xref(name:\"IAVA\", value:\"2022-A-0408-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0409-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/11/01\");\n\n script_name(english:\"KB5018478: Windows Server 2012 Security Update (October 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5018478. It is, therefore, affected by multiple vulnerabilities\n\n - Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045)\n\n - Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040)\n\n - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2022-37982,\n CVE-2022-38031)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5018457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5018478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5018457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5018478\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5018478 or Cumulative Update 5018457\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-38040\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-38045\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-10';\nkbs = make_list(\n '5018478',\n '5018457'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2',\n sp:0,\n rollup_date:'10_2022',\n bulletin:bulletin,\n rollup_kb_list:[5018478, 5018457])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-25T15:06:15", "description": "The remote Windows host is missing security update 5018476. It is, therefore, affected by multiple vulnerabilities\n\n - Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045)\n\n - Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040)\n\n - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2022-37982, CVE-2022-38031)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T00:00:00", "type": "nessus", "title": "KB5018476: Windows Server 2012 R2 Security Update (October 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-33635", "CVE-2022-33645", "CVE-2022-35770", "CVE-2022-37965", "CVE-2022-37975", "CVE-2022-37976", "CVE-2022-37977", "CVE-2022-37978", "CVE-2022-37981", "CVE-2022-37982", "CVE-2022-37984", "CVE-2022-37985", "CVE-2022-37986", "CVE-2022-37987", "CVE-2022-37988", "CVE-2022-37989", "CVE-2022-37990", "CVE-2022-37991", "CVE-2022-37993", "CVE-2022-37994", "CVE-2022-37996", "CVE-2022-37997", "CVE-2022-37999", "CVE-2022-38000", "CVE-2022-38022", "CVE-2022-38026", "CVE-2022-38027", "CVE-2022-38028", "CVE-2022-38029", "CVE-2022-38031", "CVE-2022-38032", "CVE-2022-38033", "CVE-2022-38034", "CVE-2022-38037", "CVE-2022-38038", "CVE-2022-38040", "CVE-2022-38041", "CVE-2022-38042", "CVE-2022-38043", "CVE-2022-38044", "CVE-2022-38045", "CVE-2022-38047", "CVE-2022-38051", "CVE-2022-41033", "CVE-2022-41081"], "modified": "2023-02-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_OCT_5018476.NASL", "href": "https://www.tenable.com/plugins/nessus/166030", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166030);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2022-22035\",\n \"CVE-2022-24504\",\n \"CVE-2022-30198\",\n \"CVE-2022-33634\",\n \"CVE-2022-33635\",\n \"CVE-2022-33645\",\n \"CVE-2022-35770\",\n \"CVE-2022-37965\",\n \"CVE-2022-37975\",\n \"CVE-2022-37976\",\n \"CVE-2022-37977\",\n \"CVE-2022-37978\",\n \"CVE-2022-37981\",\n \"CVE-2022-37982\",\n \"CVE-2022-37984\",\n \"CVE-2022-37985\",\n \"CVE-2022-37986\",\n \"CVE-2022-37987\",\n \"CVE-2022-37988\",\n \"CVE-2022-37989\",\n \"CVE-2022-37990\",\n \"CVE-2022-37991\",\n \"CVE-2022-37993\",\n \"CVE-2022-37994\",\n \"CVE-2022-37996\",\n \"CVE-2022-37997\",\n \"CVE-2022-37999\",\n \"CVE-2022-38000\",\n \"CVE-2022-38022\",\n \"CVE-2022-38026\",\n \"CVE-2022-38027\",\n \"CVE-2022-38028\",\n \"CVE-2022-38029\",\n \"CVE-2022-38031\",\n \"CVE-2022-38032\",\n \"CVE-2022-38033\",\n \"CVE-2022-38034\",\n \"CVE-2022-38037\",\n \"CVE-2022-38038\",\n \"CVE-2022-38040\",\n \"CVE-2022-38041\",\n \"CVE-2022-38042\",\n \"CVE-2022-38043\",\n \"CVE-2022-38044\",\n \"CVE-2022-38045\",\n \"CVE-2022-38047\",\n \"CVE-2022-38051\",\n \"CVE-2022-41033\",\n \"CVE-2022-41081\"\n );\n script_xref(name:\"MSKB\", value:\"5018474\");\n script_xref(name:\"MSKB\", value:\"5018476\");\n script_xref(name:\"MSFT\", value:\"MS22-5018474\");\n script_xref(name:\"MSFT\", value:\"MS22-5018476\");\n script_xref(name:\"IAVA\", value:\"2022-A-0408-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0409-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/11/01\");\n\n script_name(english:\"KB5018476: Windows Server 2012 R2 Security Update (October 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5018476. It is, therefore, affected by multiple vulnerabilities\n\n - Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045)\n\n - Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040)\n\n - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2022-37982,\n CVE-2022-38031)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5018474\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/5018476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5018474\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5018476\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5018476 or Cumulative Update 5018474\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-38040\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-38045\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-10';\nkbs = make_list(\n '5018476',\n '5018474'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3',\n sp:0,\n rollup_date:'10_2022',\n bulletin:bulletin,\n rollup_kb_list:[5018476, 5018474])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-26T02:47:21", "description": "The remote Windows host is missing security update 5018419. It is, therefore, affected by multiple vulnerabilities\n\n - Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045)\n\n - Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040)\n\n - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2022-37982, CVE-2022-38031)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T00:00:00", "type": "nessus", "title": "KB5018419: Windows 10 version 1809 / Windows Server 2019 Security Update (October 2022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-33635", "CVE-2022-33645", "CVE-2022-35770", "CVE-2022-37965", "CVE-2022-37970", "CVE-2022-37975", "CVE-2022-37976", "CVE-2022-37977", "CVE-2022-37978", "CVE-2022-37979", "CVE-2022-37981", "CVE-2022-37982", "CVE-2022-37983", "CVE-2022-37984", "CVE-2022-37985", "CVE-2022-37986", "CVE-2022-37987", "CVE-2022-37988", "CVE-2022-37989", "CVE-2022-37990", "CVE-2022-37991", "CVE-2022-37993", "CVE-2022-37994", "CVE-2022-37995", "CVE-2022-37996", "CVE-2022-37997", "CVE-2022-37999", "CVE-2022-38000", "CVE-2022-38003", "CVE-2022-38016", "CVE-2022-38021", "CVE-2022-38022", "CVE-2022-38026", "CVE-2022-38027", "CVE-2022-38028", "CVE-2022-38029", "CVE-2022-38030", "CVE-2022-38031", "CVE-2022-38032", "CVE-2022-38033", "CVE-2022-38034", "CVE-2022-38037", "CVE-2022-38038", "CVE-2022-38039", "CVE-2022-38040", "CVE-2022-38041", "CVE-2022-38042", "CVE-2022-38043", "CVE-2022-38044", "CVE-2022-38045", "CVE-2022-38046", "CVE-2022-38047", "CVE-2022-38050", "CVE-2022-38051", "CVE-2022-41033", "CVE-2022-41081"], "modified": "2023-02-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS22_OCT_5018419.NASL", "href": "https://www.tenable.com/plugins/nessus/166025", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166025);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\n \"CVE-2022-22035\",\n \"CVE-2022-24504\",\n \"CVE-2022-30198\",\n \"CVE-2022-33634\",\n \"CVE-2022-33635\",\n \"CVE-2022-33645\",\n \"CVE-2022-35770\",\n \"CVE-2022-37965\",\n \"CVE-2022-37970\",\n \"CVE-2022-37975\",\n \"CVE-2022-37976\",\n \"CVE-2022-37977\",\n \"CVE-2022-37978\",\n \"CVE-2022-37979\",\n \"CVE-2022-37981\",\n \"CVE-2022-37982\",\n \"CVE-2022-37983\",\n \"CVE-2022-37984\",\n \"CVE-2022-37985\",\n \"CVE-2022-37986\",\n \"CVE-2022-37987\",\n \"CVE-2022-37988\",\n \"CVE-2022-37989\",\n \"CVE-2022-37990\",\n \"CVE-2022-37991\",\n \"CVE-2022-37993\",\n \"CVE-2022-37994\",\n \"CVE-2022-37995\",\n \"CVE-2022-37996\",\n \"CVE-2022-37997\",\n \"CVE-2022-37999\",\n \"CVE-2022-38000\",\n \"CVE-2022-38003\",\n \"CVE-2022-38016\",\n \"CVE-2022-38021\",\n \"CVE-2022-38022\",\n \"CVE-2022-38026\",\n \"CVE-2022-38027\",\n \"CVE-2022-38028\",\n \"CVE-2022-38029\",\n \"CVE-2022-38030\",\n \"CVE-2022-38031\",\n \"CVE-2022-38032\",\n \"CVE-2022-38033\",\n \"CVE-2022-38034\",\n \"CVE-2022-38037\",\n \"CVE-2022-38038\",\n \"CVE-2022-38039\",\n \"CVE-2022-38040\",\n \"CVE-2022-38041\",\n \"CVE-2022-38042\",\n \"CVE-2022-38043\",\n \"CVE-2022-38044\",\n \"CVE-2022-38045\",\n \"CVE-2022-38046\",\n \"CVE-2022-38047\",\n \"CVE-2022-38050\",\n \"CVE-2022-38051\",\n \"CVE-2022-41033\",\n \"CVE-2022-41081\"\n );\n script_xref(name:\"MSKB\", value:\"5018419\");\n script_xref(name:\"MSFT\", value:\"MS22-5018419\");\n script_xref(name:\"IAVA\", value:\"2022-A-0408-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0409-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/11/01\");\n\n script_name(english:\"KB5018419: Windows 10 version 1809 / Windows Server 2019 Security Update (October 2022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5018419. It is, therefore, affected by multiple vulnerabilities\n\n - Server Service Remote Protocol Elevation of Privilege Vulnerability (CVE-2022-38045)\n\n - Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2022-38040)\n\n - Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2022-37982,\n CVE-2022-38031)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/help/5018419\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Update 5018419\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-38040\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-38045\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS22-10';\nkbs = make_list(\n '5018419'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n os_build:17763,\n rollup_date:'10_2022',\n bulletin:bulletin,\n rollup_kb_list:[5018419])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2022-11-02T23:02:29", "description": "### *Detect date*:\n10/03/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, spoof user interface.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-3311](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3311>) \n[CVE-2022-41035](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41035>) \n[CVE-2022-3317](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3317>) \n[CVE-2022-3316](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3316>) \n[CVE-2022-3307](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3307>) \n[CVE-2022-3313](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3313>) \n[CVE-2022-3304](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3304>) \n[CVE-2022-3315](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3315>) \n[CVE-2022-3308](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3308>) \n[CVE-2022-3310](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3310>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-03T00:00:00", "type": "kaspersky", "title": "KLA19267 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-3304", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3313", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-41035"], "modified": "2022-10-04T00:00:00", "id": "KLA19267", "href": "https://threats.kaspersky.com/en/vulnerability/KLA19267/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-12T16:51:13", "description": "### *Detect date*:\n10/11/2022\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Office LTSC 2021 for 64-bit editions \nMicrosoft Office LTSC 2021 for 32-bit editions \nMicrosoft SharePoint Enterprise Server 2013 Service Pack 1 \nMicrosoft Office 2013 RT Service Pack 1 \nMicrosoft Office 2016 (32-bit edition) \nMicrosoft SharePoint Foundation 2013 Service Pack 1 \nMicrosoft SharePoint Server Subscription Edition \nMicrosoft Office 2016 (64-bit edition) \nMicrosoft 365 Apps for Enterprise for 64-bit Systems \nMicrosoft SharePoint Enterprise Server 2016 \nMicrosoft Office 2013 Service Pack 1 (32-bit editions) \nMicrosoft Office 2019 for Mac \nMicrosoft Office LTSC for Mac 2021 \nMicrosoft SharePoint Server 2019 \nMicrosoft Office 2019 for 32-bit editions \nMicrosoft 365 Apps for Enterprise for 32-bit Systems \nMicrosoft Office 2019 for 64-bit editions \nMicrosoft Office 2013 Service Pack 1 (64-bit editions)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-41036](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41036>) \n[CVE-2022-38001](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38001>) \n[CVE-2022-41037](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41037>) \n[CVE-2022-38048](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38048>) \n[CVE-2022-41031](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41031>) \n[CVE-2022-38053](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38053>) \n[CVE-2022-38049](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38049>) \n[CVE-2022-41043](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41043>) \n[CVE-2022-41038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41038>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Office](<https://threats.kaspersky.com/en/product/Microsoft-Office/>)\n\n### *KB list*:\n[5002279](<http://support.microsoft.com/kb/5002279>) \n[5002287](<http://support.microsoft.com/kb/5002287>) \n[5002278](<http://support.microsoft.com/kb/5002278>) \n[5002283](<http://support.microsoft.com/kb/5002283>) \n[5002026](<http://support.microsoft.com/kb/5002026>) \n[5002290](<http://support.microsoft.com/kb/5002290>) \n[5002288](<http://support.microsoft.com/kb/5002288>) \n[5002284](<http://support.microsoft.com/kb/5002284>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T00:00:00", "type": "kaspersky", "title": "KLA20002 Multiple vulnerabilities in Microsoft Office", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-38001", "CVE-2022-38048", "CVE-2022-38049", "CVE-2022-38053", "CVE-2022-41031", "CVE-2022-41036", "CVE-2022-41037", "CVE-2022-41038", "CVE-2022-41043"], "modified": "2022-10-12T00:00:00", "id": "KLA20002", "href": "https://threats.kaspersky.com/en/vulnerability/KLA20002/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-01T22:10:01", "description": "### *Detect date*:\n10/06/2022\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.\n\n### *Affected products*:\nMicrosoft Edge (Chromium-based)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-3373](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3373>) \n[CVE-2022-3370](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3370>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-06T00:00:00", "type": "kaspersky", "title": "KLA19999 Multiple vulnerabilities in Microsoft Browser", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-3370", "CVE-2022-3373"], "modified": "2022-10-07T00:00:00", "id": "KLA19999", "href": "https://threats.kaspersky.com/en/vulnerability/KLA19999/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-12T16:51:14", "description": "### *Detect date*:\n10/11/2022\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to gain privileges, spoof user interface, obtain sensitive information, bypass security restrictions, execute arbitrary code, cause denial of service.\n\n### *Affected products*:\nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-41033](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41033>) \n[CVE-2022-38029](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38029>) \n[CVE-2022-37994](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37994>) \n[CVE-2022-34689](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34689>) \n[CVE-2022-37985](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37985>) \n[CVE-2022-37975](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37975>) \n[CVE-2022-37999](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37999>) \n[CVE-2022-38032](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38032>) \n[CVE-2022-38051](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38051>) \n[CVE-2022-37976](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37976>) \n[CVE-2022-38042](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38042>) \n[CVE-2022-38047](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38047>) \n[CVE-2022-38044](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38044>) \n[CVE-2022-37981](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37981>) \n[CVE-2022-24504](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24504>) \n[CVE-2022-38040](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38040>) \n[CVE-2022-33634](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33634>) \n[CVE-2022-37990](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37990>) \n[CVE-2022-37982](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37982>) \n[CVE-2022-37997](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37997>) \n[CVE-2022-33635](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33635>) \n[CVE-2022-22035](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22035>) \n[CVE-2022-38038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38038>) \n[CVE-2022-38043](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38043>) \n[CVE-2022-37988](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37988>) \n[CVE-2022-37991](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37991>) \n[CVE-2022-37993](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37993>) \n[CVE-2022-38026](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38026>) \n[CVE-2022-38041](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38041>) \n[CVE-2022-30198](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30198>) \n[CVE-2022-33645](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33645>) \n[CVE-2022-38034](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38034>) \n[CVE-2022-37977](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37977>) \n[CVE-2022-38033](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38033>) \n[CVE-2022-38022](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38022>) \n[CVE-2022-37986](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37986>) \n[CVE-2022-38037](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38037>) \n[CVE-2022-41081](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41081>) \n[CVE-2022-37987](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37987>) \n[CVE-2022-38031](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38031>) \n[CVE-2022-38000](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38000>) \n[CVE-2022-35770](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35770>) \n[CVE-2022-37989](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37989>) \n[CVE-2022-37978](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37978>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5016622](<http://support.microsoft.com/kb/5016622>) \n[5016686](<http://support.microsoft.com/kb/5016686>) \n[5016669](<http://support.microsoft.com/kb/5016669>) \n[5016679](<http://support.microsoft.com/kb/5016679>) \n[5016676](<http://support.microsoft.com/kb/5016676>) \n[5018446](<http://support.microsoft.com/kb/5018446>) \n[5018479](<http://support.microsoft.com/kb/5018479>) \n[5018450](<http://support.microsoft.com/kb/5018450>) \n[5018454](<http://support.microsoft.com/kb/5018454>)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T00:00:00", "type": "kaspersky", "title": "KLA20001 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-33635", "CVE-2022-33645", "CVE-2022-34689", "CVE-2022-35770", "CVE-2022-37975", "CVE-2022-37976", "CVE-2022-37977", "CVE-2022-37978", "CVE-2022-37981", "CVE-2022-37982", "CVE-2022-37985", "CVE-2022-37986", "CVE-2022-37987", "CVE-2022-37988", "CVE-2022-37989", "CVE-2022-37990", "CVE-2022-37991", "CVE-2022-37993", "CVE-2022-37994", "CVE-2022-37997", "CVE-2022-37999", "CVE-2022-38000", "CVE-2022-38022", "CVE-2022-38026", "CVE-2022-38029", "CVE-2022-38031", "CVE-2022-38032", "CVE-2022-38033", "CVE-2022-38034", "CVE-2022-38037", "CVE-2022-38038", "CVE-2022-38040", "CVE-2022-38041", "CVE-2022-38042", "CVE-2022-38043", "CVE-2022-38044", "CVE-2022-38047", "CVE-2022-38051", "CVE-2022-41033", "CVE-2022-41081"], "modified": "2022-10-12T00:00:00", "id": "KLA20001", "href": "https://threats.kaspersky.com/en/vulnerability/KLA20001/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-12T16:51:09", "description": "### *Detect date*:\n10/11/2022\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, spoof user interface.\n\n### *Affected products*:\nAzure Service Fabric Explorer \nAzure Arc-enabled Kubernetes cluster 1.8.11 \nAzure StorSimple 8000 Series \nAzure Arc-enabled Kubernetes cluster 1.5.8 \nAzure Arc-enabled Kubernetes cluster 1.7.18 \nAzure Arc-enabled Kubernetes cluster 1.6.19 \nAzure Stack Edge\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2022-37968](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37968>) \n[CVE-2022-38017](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38017>) \n[CVE-2022-35829](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35829>) \n\n\n### *Impacts*:\nPE \n\n### *Related products*:\n[Microsoft Edge](<https://threats.kaspersky.com/en/product/Microsoft-Edge/>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-10-11T00:00:00", "type": "kaspersky", "title": "KLA20004 Multiple vulnerabilities in Microsoft Azure", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-35829", "CVE-2022-37968", "CVE-2022-38017"], "modified": "2022-10-12T00:00:00", "id": "KLA20004", "href": "https://threats.kaspersky.com/en/vulnerability/KLA20004/", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-02-09T14:07:55", "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T19:15:00", "type": "cve", "title": "CVE-2022-22035", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-41081"], "modified": "2022-10-13T14:40:00", "cpe": ["cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:22h2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h2"], "id": "CVE-2022-22035", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22035", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*"]}, {"lastseen": "2023-02-09T14:37:47", "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38047, CVE-2022-41081.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T19:15:00", "type": "cve", "title": "CVE-2022-38000", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-41081"], "modified": "2022-10-13T13:06:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:22h2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h2"], "id": "CVE-2022-38000", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38000", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:24:15", "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T19:15:00", "type": "cve", "title": "CVE-2022-30198", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-41081"], "modified": "2022-10-13T14:41:00", "cpe": ["cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:22h2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h2"], "id": "CVE-2022-30198", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30198", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*"]}, {"lastseen": "2023-02-09T14:13:41", "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T19:15:00", "type": "cve", "title": "CVE-2022-24504", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-41081"], "modified": "2022-10-13T14:41:00", "cpe": ["cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:22h2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h2"], "id": "CVE-2022-24504", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24504", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*"]}, {"lastseen": "2023-02-09T14:37:55", "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-41081.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T19:15:00", "type": "cve", "title": "CVE-2022-38047", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-41081"], "modified": "2022-10-13T15:55:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:22h2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h2"], "id": "CVE-2022-38047", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38047", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:30:12", "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T19:15:00", "type": "cve", "title": "CVE-2022-33634", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-41081"], "modified": "2022-10-13T14:41:00", "cpe": ["cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:22h2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h2"], "id": "CVE-2022-33634", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33634", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*"]}, {"lastseen": "2023-02-09T14:43:38", "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T19:15:00", "type": "cve", "title": "CVE-2022-41081", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-41081"], "modified": "2022-10-12T17:14:00", "cpe": ["cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_11:22h2", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h2"], "id": "CVE-2022-41081", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41081", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:37:55", "description": "Microsoft Office Graphics Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-11T19:15:00", "type": "cve", "title": "CVE-2022-38049", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-38049"], "modified": "2022-10-13T15:51:00", "cpe": ["cpe:/a:microsoft:office:2019", "cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office_long_term_servicing_channel:2021"], "id": "CVE-2022-38049", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38049", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"]}, {"lastseen": "2023-02-09T14:43:33", "description": "Microsoft Word Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-11T19:15:00", "type": "cve", "title": "CVE-2022-41031", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-41031"], "modified": "2022-10-13T15:37:00", "cpe": ["cpe:/a:microsoft:office:2019", "cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office_long_term_servicing_channel:2021"], "id": "CVE-2022-41031", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41031", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*", "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:*:*"]}, {"lastseen": "2023-02-09T14:37:56", "description": "Microsoft Office Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-11T19:15:00", "type": "cve", "title": "CVE-2022-38048", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-38048"], "modified": "2022-10-12T19:04:00", "cpe": ["cpe:/a:microsoft:office_long_term_servicing_channel:2021", "cpe:/a:microsoft:365_apps:-", "cpe:/a:microsoft:office:2013", "cpe:/a:microsoft:office:2019", "cpe:/a:microsoft:office:2016"], "id": "CVE-2022-38048", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38048", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office:2019:*:*:*:*:macos:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*", "cpe:2.3:a:microsoft:office:2013:sp1:*:*:-:*:*:*", "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*", "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:*:*", "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:37:42", "description": "Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-10-11T19:15:00", "type": "cve", "title": "CVE-2022-37968", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-37968"], "modified": "2022-10-12T15:06:00", "cpe": ["cpe:/a:microsoft:azure_arc-enabled_kubernetes:1.6.19", "cpe:/a:microsoft:azure_stack_edge:-", "cpe:/a:microsoft:azure_arc-enabled_kubernetes:1.7.18", "cpe:/a:microsoft:azure_arc-enabled_kubernetes:1.8.11", "cpe:/a:microsoft:azure_arc-enabled_kubernetes:1.5.8"], "id": "CVE-2022-37968", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37968", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:a:microsoft:azure_arc-enabled_kubernetes:1.6.19:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_arc-enabled_kubernetes:1.7.18:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_arc-enabled_kubernetes:1.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_arc-enabled_kubernetes:1.8.11:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_stack_edge:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:37:44", "description": "Windows Hyper-V Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-10-11T19:15:00", "type": "cve", "title": "CVE-2022-37979", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-37979"], "modified": "2022-10-13T13:42:00", "cpe": ["cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_11:22h2", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_11:-", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h2"], "id": "CVE-2022-37979", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37979", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_11:22h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*"]}, {"lastseen": "2023-02-09T14:37:44", "description": "Active Directory Certificate Services Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T19:15:00", "type": "cve", "title": "CVE-2022-37976", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-37976"], "modified": "2022-10-12T18:29:00", "cpe": ["cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2016:-", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2012:r2", "cpe:/o:microsoft:windows_server_2019:-"], "id": "CVE-2022-37976", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37976", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:43:33", "description": "NuGet Client Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T19:15:00", "type": "cve", "title": "CVE-2022-41032", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2022-12-02T23:00:00", "cpe": ["cpe:/a:microsoft:.net_core:3.1", "cpe:/o:fedoraproject:fedora:36", "cpe:/o:fedoraproject:fedora:37", "cpe:/a:microsoft:.net:6.0.0", "cpe:/o:fedoraproject:fedora:35"], "id": "CVE-2022-41032", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41032", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:a:microsoft:.net_core:3.1:-:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"]}, {"lastseen": "2023-02-09T14:43:34", "description": "Microsoft Edge (Chromium-based) Spoofing Vulnerability.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-10-11T19:15:00", "type": "cve", "title": "CVE-2022-41035", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-41035"], "modified": "2022-11-14T14:41:00", "cpe": [], "id": "CVE-2022-41035", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41035", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2023-02-09T14:29:41", "description": "Use after free in media in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-01T20:15:00", "type": "cve", "title": "CVE-2022-3307", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-3307"], "modified": "2022-12-09T15:47:00", "cpe": [], "id": "CVE-2022-3307", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3307", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2023-02-09T14:29:48", "description": "Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-11-01T20:15:00", "type": "cve", "title": "CVE-2022-3317", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-3317"], "modified": "2022-12-09T15:30:00", "cpe": [], "id": "CVE-2022-3317", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3317", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2023-02-09T14:29:48", "description": "Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass security feature via a crafted HTML page. (Chromium security severity: Low)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-11-01T20:15:00", "type": "cve", "title": "CVE-2022-3316", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-3316"], "modified": "2022-12-09T15:49:00", "cpe": [], "id": "CVE-2022-3316", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3316", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2023-02-09T14:29:44", "description": "Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-01T20:15:00", "type": "cve", "title": "CVE-2022-3310", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-3310"], "modified": "2022-12-09T15:48:00", "cpe": [], "id": "CVE-2022-3310", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3310", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2023-02-09T14:29:49", "description": "Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-01T20:15:00", "type": "cve", "title": "CVE-2022-3315", "cwe": ["CWE-843"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-3315"], "modified": "2022-12-08T21:54:00", "cpe": [], "id": "CVE-2022-3315", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3315", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2023-02-09T14:29:46", "description": "Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-01T20:15:00", "type": "cve", "title": "CVE-2022-3311", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-3311"], "modified": "2022-12-09T15:49:00", "cpe": [], "id": "CVE-2022-3311", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3311", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2023-02-09T14:29:47", "description": "Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-11-01T20:15:00", "type": "cve", "title": "CVE-2022-3313", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-3313"], "modified": "2022-12-08T21:54:00", "cpe": [], "id": "CVE-2022-3313", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3313", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2023-02-09T14:29:42", "description": "Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.0}, "published": "2022-11-01T20:15:00", "type": "cve", "title": "CVE-2022-3308", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-3308"], "modified": "2022-12-09T15:48:00", "cpe": [], "id": "CVE-2022-3308", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3308", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2023-02-09T14:30:21", "description": "Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-01T03:15:00", "type": "cve", "title": "CVE-2022-3370", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-3370"], "modified": "2022-12-03T02:35:00", "cpe": [], "id": "CVE-2022-3370", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3370", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2023-02-09T14:29:38", "description": "Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-01T19:15:00", "type": "cve", "title": "CVE-2022-3304", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-3304"], "modified": "2022-12-09T15:47:00", "cpe": [], "id": "CVE-2022-3304", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3304", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2023-02-09T14:30:25", "description": "Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-11-01T03:15:00", "type": "cve", "title": "CVE-2022-3373", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-3373"], "modified": "2022-12-03T02:35:00", "cpe": [], "id": "CVE-2022-3373", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3373", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "mscve": [{"lastseen": "2023-03-17T02:31:54", "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38047, CVE-2022-41081.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T07:00:00", "type": "mscve", "title": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-41081"], "modified": "2022-10-11T07:00:00", "id": "MS:CVE-2022-38000", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-38000", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T07:00:00", "type": "mscve", "title": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-41081"], "modified": "2022-10-11T07:00:00", "id": "MS:CVE-2022-33634", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-33634", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T07:00:00", "type": "mscve", "title": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-41081"], "modified": "2022-10-11T07:00:00", "id": "MS:CVE-2022-22035", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-22035", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:54", "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-41081.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T07:00:00", "type": "mscve", "title": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-41081"], "modified": "2022-10-11T07:00:00", "id": "MS:CVE-2022-38047", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-38047", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:53", "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T07:00:00", "type": "mscve", "title": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-41081"], "modified": "2022-10-11T07:00:00", "id": "MS:CVE-2022-41081", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41081", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-24504, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T07:00:00", "type": "mscve", "title": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-41081"], "modified": "2022-10-11T07:00:00", "id": "MS:CVE-2022-30198", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30198", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22035, CVE-2022-30198, CVE-2022-33634, CVE-2022-38000, CVE-2022-38047, CVE-2022-41081.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T07:00:00", "type": "mscve", "title": "Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-33634", "CVE-2022-38000", "CVE-2022-38047", "CVE-2022-41081"], "modified": "2022-10-11T07:00:00", "id": "MS:CVE-2022-24504", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24504", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:54", "description": "Microsoft Office Graphics Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-11T07:00:00", "type": "mscve", "title": "Microsoft Office Graphics Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-38049"], "modified": "2022-10-11T07:00:00", "id": "MS:CVE-2022-38049", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-38049", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:48", "description": "Microsoft Word Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-11T07:00:00", "type": "mscve", "title": "Microsoft Word Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-41031"], "modified": "2022-10-11T07:00:00", "id": "MS:CVE-2022-41031", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41031", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:54", "description": "Microsoft Office Remote Code Execution Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-11T07:00:00", "type": "mscve", "title": "Microsoft Office Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-38048"], "modified": "2022-10-11T07:00:00", "id": "MS:CVE-2022-38048", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-38048", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:55", "description": "Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-10-11T07:00:00", "type": "mscve", "title": "Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-37968"], "modified": "2022-10-11T07:00:00", "id": "MS:CVE-2022-37968", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37968", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:52", "description": "Windows Hyper-V Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-10-11T07:00:00", "type": "mscve", "title": "Windows Hyper-V Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-37979"], "modified": "2022-10-11T07:00:00", "id": "MS:CVE-2022-37979", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37979", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:52", "description": "Active Directory Certificate Services Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T07:00:00", "type": "mscve", "title": "Active Directory Certificate Services Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-37976"], "modified": "2022-10-18T07:00:00", "id": "MS:CVE-2022-37976", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37976", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:53", "description": "NuGet Client Elevation of Privilege Vulnerability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T07:00:00", "type": "mscve", "title": "NuGet Client Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2022-10-11T07:00:00", "id": "MS:CVE-2022-41032", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41032", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "Microsoft Edge (Chromium-based) Spoofing Vulnerability.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-10-03T07:00:00", "type": "mscve", "title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-41035"], "modified": "2022-11-08T08:00:00", "id": "MS:CVE-2022-41035", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41035", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-03T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-3307 Use after free in Media", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-3307"], "modified": "2022-10-03T07:00:00", "id": "MS:CVE-2022-3307", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-3307", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-10-03T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-3317 Insufficient validation of untrusted input in Intents", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-3317"], "modified": "2022-10-03T07:00:00", "id": "MS:CVE-2022-3317", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-3317", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-10-03T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-3316 Insufficient validation of untrusted input in Safe Browsing", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-3316"], "modified": "2022-10-03T07:00:00", "id": "MS:CVE-2022-3316", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-3316", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-10-03T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-3310 Insufficient policy enforcement in Custom Tabs", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-3310"], "modified": "2022-10-03T07:00:00", "id": "MS:CVE-2022-3310", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-3310", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-03T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-3315 Type confusion in Blink", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-3315"], "modified": "2022-10-03T07:00:00", "id": "MS:CVE-2022-3315", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-3315", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-10-03T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-3311 Use after free in Import", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-3311"], "modified": "2022-10-03T07:00:00", "id": "MS:CVE-2022-3311", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-3311", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-10-03T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-3313 Incorrect security UI in Full Screen", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-3313"], "modified": "2022-10-03T07:00:00", "id": "MS:CVE-2022-3313", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-3313", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.0}, "published": "2022-10-03T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-3308 Insufficient policy enforcement in Developer Tools", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-3308"], "modified": "2022-10-03T07:00:00", "id": "MS:CVE-2022-3308", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-3308", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-06T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-3370 Use after free in Custom Elements", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-3370"], "modified": "2022-10-06T07:00:00", "id": "MS:CVE-2022-3370", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-3370", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-03T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-3304 Use after free in CSS", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-3304"], "modified": "2022-10-03T07:00:00", "id": "MS:CVE-2022-3304", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-3304", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-17T02:31:56", "description": "This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](<https://chromereleases.googleblog.com/2022>) for more information.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-06T07:00:00", "type": "mscve", "title": "Chromium: CVE-2022-3373 Out of bounds write in V8", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-3373"], "modified": "2022-10-06T07:00:00", "id": "MS:CVE-2022-3373", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-3373", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2022-11-06T17:57:42", "description": "An update that fixes 18 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 106.0.5249.91 (boo#1203808):\n\n * CVE-2022-3370: Use after free in Custom Elements\n * CVE-2022-3373: Out of bounds write in V8\n\n includes changes from 106.0.5249.61:\n\n * CVE-2022-3304: Use after free in CSS\n * CVE-2022-3201: Insufficient validation of untrusted input in Developer\n Tools\n * CVE-2022-3305: Use after free in Survey\n * CVE-2022-3306: Use after free in Survey\n * CVE-2022-3307: Use after free in Media\n * CVE-2022-3308: Insufficient policy enforcement in Developer Tools\n * CVE-2022-3309: Use after free in Assistant\n * CVE-2022-3310: Insufficient policy enforcement in Custom Tabs\n * CVE-2022-3311: Use after free in Import\n * CVE-2022-3312: Insufficient validation of untrusted input in VPN\n * CVE-2022-3313: Incorrect security UI in Full Screen\n * CVE-2022-3314: Use after free in Logging\n * CVE-2022-3315: Type confusion in Blink\n * CVE-2022-3316: Insufficient validation of untrusted input in Safe\n Browsing\n * CVE-2022-3317: Insufficient validation of untrusted input in Intents\n * CVE-2022-3318: Use after free in ChromeOS Notifications\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP4:\n\n zypper in -t patch openSUSE-2022-10138=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-03T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318", "CVE-2022-3370", "CVE-2022-3373"], "modified": "2022-10-03T00:00:00", "id": "OPENSUSE-SU-2022:10138-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YZBW4AE4VW4MIHPWQLMJEIBGACVXWAFW/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-06T17:57:42", "description": "An update that fixes 18 vulnerabilities is now available.\n\nDescription:\n\n This update for chromium fixes the following issues:\n\n Chromium 106.0.5249.91 (boo#1203808):\n\n * CVE-2022-3370: Use after free in Custom Elements\n * CVE-2022-3373: Out of bounds write in V8\n\n Uncludes changes from 106.0.5249.61:\n\n * CVE-2022-3304: Use after free in CSS\n * CVE-2022-3201: Insufficient validation of untrusted input in Developer\n Tools\n * CVE-2022-3305: Use after free in Survey\n * CVE-2022-3306: Use after free in Survey\n * CVE-2022-3307: Use after free in Media\n * CVE-2022-3308: Insufficient policy enforcement in Developer Tools\n * CVE-2022-3309: Use after free in Assistant\n * CVE-2022-3310: Insufficient policy enforcement in Custom Tabs\n * CVE-2022-3311: Use after free in Import\n * CVE-2022-3312: Insufficient validation of untrusted input in VPN\n * CVE-2022-3313: Incorrect security UI in Full Screen\n * CVE-2022-3314: Use after free in Logging\n * CVE-2022-3315: Type confusion in Blink\n * CVE-2022-3316: Insufficient validation of untrusted input in Safe\n Browsing\n * CVE-2022-3317: Insufficient validation of untrusted input in Intents\n * CVE-2022-3318: Use after free in ChromeOS Notifications\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2022-10139=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-03T00:00:00", "type": "suse", "title": "Security update for chromium (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318", "CVE-2022-3370", "CVE-2022-3373"], "modified": "2022-10-03T00:00:00", "id": "OPENSUSE-SU-2022:10139-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WVCRR5JKWC4AEVTDL4IYBETTO2CE74I6/", "cvss": {"score": 0.0, "vector": "NONE"}}], "mageia": [{"lastseen": "2022-11-02T19:35:53", "description": "The chromium-browser-stable package has been updated to the new 106 branch with the 106.0.5249.61 version, fixing many bugs and 20 vulnerabilities; it brings as well some improvements. Some of the security fixes are: High CVE-2022-3304: Use after free in CSS. High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09 High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24 High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27 High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08 Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08 Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29 Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16 Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04 Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06 Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20 Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24 Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05 Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07 Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24 Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22 \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-05T05:23:49", "type": "mageia", "title": "Updated chromium-browser-stable packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318"], "modified": "2022-10-05T05:23:49", "id": "MGASA-2022-0357", "href": "https://advisories.mageia.org/MGASA-2022-0357.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "freebsd": [{"lastseen": "2022-11-02T19:31:26", "description": "\n\nChrome Releases reports:\n\nThis release contains 20 security fixes, including:\n\n[1358907] High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01\n[1343104] High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09\n[1319229] High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24\n[1320139] High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27\n[1323488] High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08\n[1342722] Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08\n[1348415] Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29\n[1240065] Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16\n[1302813] Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04\n[1303306] Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06\n[1317904] Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20\n[1328708] Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24\n[1322812] Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05\n[1333623] Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07\n[1300539] Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24\n[1318791] Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-27T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318"], "modified": "2022-09-27T00:00:00", "id": "18529CB0-3E9C-11ED-9BC7-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-02T00:05:24", "description": "\n\nChrome Releases reports:\n\nThis release contains 3 security fixes, including:\n\n[1366813] High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22\n[1366399] High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21\n\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-30T00:00:00", "type": "freebsd", "title": "chromium -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-3370", "CVE-2022-3373"], "modified": "2022-09-30T00:00:00", "id": "D459C914-4100-11ED-9BC7-3065EC8FD3EC", "href": "https://vuxml.freebsd.org/freebsd/d459c914-4100-11ed-9bc7-3065ec8fd3ec.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2022-11-02T18:58:19", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5244-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 28, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-3201 CVE-2022-3304 CVE-2022-3305 CVE-2022-3306 \n CVE-2022-3307 CVE-2022-3308 CVE-2022-3309 CVE-2022-3310 \n CVE-2022-3311 CVE-2022-3312 CVE-2022-3313 CVE-2022-3314 \n CVE-2022-3315 CVE-2022-3316 CVE-2022-3317 CVE-2022-3318\n\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 106.0.5249.61-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-28T19:41:14", "type": "debian", "title": "[SECURITY] [DSA 5244-1] chromium security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318"], "modified": "2022-09-28T19:41:14", "id": "DEBIAN:DSA-5244-1:E42C3", "href": "https://lists.debian.org/debian-security-announce/2022/msg00213.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-01T22:03:44", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5245-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nOctober 02, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : chromium\nCVE ID : CVE-2022-3370 CVE-2022-3373\n\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 106.0.5249.91-1~deb11u1.\n\nWe recommend that you upgrade your chromium packages.\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-02T17:55:29", "type": "debian", "title": "[SECURITY] [DSA 5245-1] chromium security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-3370", "CVE-2022-3373"], "modified": "2022-10-02T17:55:29", "id": "DEBIAN:DSA-5245-1:D4746", "href": "https://lists.debian.org/debian-security-announce/2022/msg00214.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2022-09-30T09:27:02", "description": "\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 106.0.5249.61-1~deb11u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 5.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.5}, "published": "2022-09-28T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-3306", "CVE-2022-3312", "CVE-2022-3310", "CVE-2022-3304", "CVE-2022-3317", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3305", "CVE-2022-3314", "CVE-2022-3311", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3201", "CVE-2022-3318", "CVE-2022-3313", "CVE-2022-3309"], "modified": "2022-09-30T09:26:57", "id": "OSV:DSA-5244-1", "href": "https://osv.dev/vulnerability/DSA-5244-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-02T22:34:12", "description": "\nMultiple security issues were discovered in Chromium, which could result\nin the execution of arbitrary code, denial of service or information\ndisclosure.\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 106.0.5249.91-1~deb11u1.\n\n\nWe recommend that you upgrade your chromium packages.\n\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/chromium](https://security-tracker.debian.org/tracker/chromium)\n\n\n", "cvss3": {}, "published": "2022-10-02T00:00:00", "type": "osv", "title": "chromium - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-3370", "CVE-2022-3373"], "modified": "2022-10-02T22:34:09", "id": "OSV:DSA-5245-1", "href": "https://osv.dev/vulnerability/DSA-5245-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-14T05:44:16", "description": "## Description\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0.0-rc, .NET 6.0, .NET Core 3.1, and NuGet (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol). This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA vulnerability exists in .NET 7.0.0-rc.1, .NET 6.0, .NET Core 3.1, and NuGet clients (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol) where a malicious actor could cause a user to execute arbitrary code.\n\n## Affected software\n\n### NuGet & NuGet Packages\n\n- Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 6.3.0 version or earlier.\n- Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 6.2.1 version or earlier.\n- Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 6.0.2 version or earlier.\n- Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 5.11.2 version or earlier.\n- Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 5.9.2 version or earlier.\n- Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 5.7.2 version or earlier.\n- Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 4.9.5 version or earlier.\n\n### .NET SDK(s)\n\n- Any .NET 6.0 application running on .NET 6.0.9 or earlier.\n- Any .NET 3.1 application running on .NET Core 3.1.29 or earlier.\n\n## Patches\n\nTo fix the issue, please install the latest version of .NET 6.0 or .NET Core 3.1 and NuGet (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol versions). If you have installed one or more .NET SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET SDKs.\n\n- If you're using NuGet.exe 6.3.0 or lower, you should download and install 6.3.1 from https://dist.nuget.org/win-x86-commandline/v6.3.1/nuget.exe .\n\n- If you're using NuGet.exe 6.2.1 or lower, you should download and install 6.2.2 from https://dist.nuget.org/win-x86-commandline/v6.2.2/nuget.exe .\n\n- If you're using NuGet.exe 6.0.2 or lower, you should download and install 6.0.3 from https://dist.nuget.org/win-x86-commandline/v6.0.3/nuget.exe .\n\n- If you're using NuGet.exe 5.11.2 or lower, you should download and install 5.11.3 from https://dist.nuget.org/win-x86-commandline/v5.11.3/nuget.exe .\n\n- If you're using NuGet.exe 5.9.2 or lower, you should download and install 5.9.3 from https://dist.nuget.org/win-x86-commandline/v5.9.3/nuget.exe .\n\n- If you're using NuGet.exe 5.7.2 or lower, you should download and install 5.7.3 from https://dist.nuget.org/win-x86-commandline/v5.7.3/nuget.exe .\n\n- If you're using NuGet.exe 4.9.5 or lower, you should download and install 4.9.6 from https://dist.nuget.org/win-x86-commandline/v4.9.6/nuget.exe .\n\n- If you're using .NET Core 6.0, you should download and install Runtime 6.0.10 or SDK 6.0.110 (for Visual Studio 2022 v17.0) or SDK 6.0.402 (for Visual Studio 2022 v17.3) from https://dotnet.microsoft.com/download/dotnet-core/6.0.\n\n- If you're using .NET Core 3.1, you should download and install Runtime 3.1.30 or SDK 3.1.424 (for Visual Studio 2019 v16.9 or Visual Studio 2019 v16.11 or Visual Studio 2022 v17.0 or Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/3.1.\n\n.NET 6.0 and .NET Core 3.1 updates are also available from Microsoft Update. To access this either type \"Check for updates\" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates.\n\n## Other details\n\nAnnouncement for this issue can be found at https://github.com/NuGet/Announcements/issues/65\n\nMSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41032\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-11T20:48:52", "type": "osv", "title": "NuGet Elevation of Privilege Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-41032"], "modified": "2023-03-14T05:44:13", "id": "OSV:GHSA-G3Q9-XF95-8HP5", "href": "https://osv.dev/vulnerability/GHSA-g3q9-xf95-8hp5", "cvss": {"score": 0.0, "vector": "NONE"}}], "avleonov": [{"lastseen": "2022-10-29T17:09:42", "description": "Hello everyone! This episode will be about Microsoft Patch Tuesday for October 2022, including vulnerabilities that were added between September and October Patch Tuesdays. As usual, I use my open source [Vulristics](<https://github.com/leonov-av/vulristics>) project to create the report.\n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239106>\n \n \n $ cat comments_links.txt \n Qualys|October 2022 Patch Tuesday|https://blog.qualys.com/vulnerabilities-threat-research/2022/10/11/october-2022-patch-tuesday\n ZDI|THE OCTOBER 2022 SECURITY UPDATE REVIEW|https://www.zerodayinitiative.com/blog/2022/10/11/the-october-2022-security-update-review\n \n $python3.8 process_classify_ms_products.py # Automated classifier for Microsoft products\n \n $ python3.8 vulristics.py --report-type \"ms_patch_tuesday_extended\" --mspt-year 2022 --mspt-month \"October\" --mspt-comments-links-path \"comments_links.txt\" --rewrite-flag \"True\"\n ...\n MS PT Year: 2022\n MS PT Month: October\n MS PT Date: 2022-10-11\n MS PT CVEs found: 84\n Ext MS PT Date from: 2022-09-14\n Ext MS PT Date to: 2022-10-10\n Ext MS PT CVEs found: 21\n ALL MS PT CVEs: 105\n ...\n\nAll vulnerabilities: 105 \nUrgent: 2 \nCritical: 1 \nHigh: 29 \nMedium: 71 \nLow: 2\n\nLet's take a look at the most interesting vulnerabilities:\n\n 1. Two vulnerabilities **Remote Code Execution** - Microsoft Exchange (CVE-2022-41040, CVE-2022-41082). This is the hyped ProxyNotShell, that were disclosed on September 28. The first CVE is a **Server-Side Request Forgery (SSRF)** vulnerability, and the second one allows **Remote Code Execution (RCE)** when PowerShell is accessible to the attacker. While Microsoft was relatively [quick to acknowledge the vulnerabilities](<https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/>) and provide mitigation steps, their guidance has continually changed as the recommended rules to block attack traffic get bypassed. There were no patches for more than a month. At the same time, there are public exploits and signs of exploitation in the wild. Let's wait for patches to appear on the Microsoft website on the pages for [CVE-2022-41040](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040>) and [CVE-2022-41082](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082>).\n 2. **Elevation of Privilege** - Windows COM+ Event System Service (CVE-2022-41033). This patch fixes a bug that Microsoft lists as being used in active attacks. The impact of exploitation is loss of confidentiality, integrity, and availability. Microsoft has not disclosed how the vulnerability is being exploited or if it is being exploited in targeted or more widespread attacks. They only say that the attack complexity is low and that it requires no user interaction for the attacker to be able to achieve SYSTEM privileges. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.\n 3. In this Patch Tuesday, there were 3 vulnerabilities for which the existence of a publicly available exploit was mentioned in the Microsoft CVSS Temporal Score (Proof-of-Concept Exploit). VM vendors didn't write much about them. But it seems to me that the existence of a non-public PoC is an important enough factor to draw attention to these vulnerabilities: **Remote Code Execution** - Windows Point-to-Point Tunneling Protocol (CVE-2022-38000), **Elevation of Privilege** - Windows Graphics Component (CVE-2022-38051), **Spoofing** - Microsoft Edge (CVE-2022-41035).\n 4. **Elevation of Privilege** - Active Directory (CVE-2022-37976). A malicious DCOM client could force a DCOM server to authenticate to it through the Active Directory Certificate Service (ADCS) and use the credential to launch a cross-protocol attack. An attacker who successfully exploited this vulnerability could gain domain administrator privileges. Exploitability Assessment: Exploitation Less Likely.\n 5. **Elevation of Privilege** - Azure Arc-enabled Kubernetes cluster Connect (CVE-2022-37968). This vulnerability has CVSSv3 score of 10, the highest possible rating. An unauthenticated attacker could exploit this vulnerability in order to gain administrative privileges for a Kubernetes cluster. While updates have been released, users that do not have auto-upgrade enabled must take action to manually upgrade Azure Arc-enabled Kubernetes clusters.\n 6. **Remote Code Execution** - Microsoft Office (CVE-2022-38048). This bug was reported to the ZDI (Zero Day Initiative) by the researcher known as \u201chades_kito\u201d and represents a rare Critical-rated Office bug. Most Office vulnerabilities are rated Important since they involve user interaction \u2013 typically opening a file. An exception to that is when the Preview Pane is an attack vector, however, Microsoft states that isn\u2019t the case here. Likely the rating results from the lack of warning dialogs when opening a specially crafted file.\n\nFull Vulristics report: [ms_patch_tuesday_october2022](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_october2022_report_with_comments_ext_img.html>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-10-29T08:37:59", "type": "avleonov", "title": "Microsoft Patch Tuesday October 2022: Exchange ProxyNotShell RCE, Windows COM+ EoP, AD EoP, Azure Arc Kubernetes EoP", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-37968", "CVE-2022-37976", "CVE-2022-38000", "CVE-2022-38048", "CVE-2022-38051", "CVE-2022-41033", "CVE-2022-41035", "CVE-2022-41040", "CVE-2022-41082"], "modified": "2022-10-29T08:37:59", "id": "AVLEONOV:58634A9ABF4922115976139024831EB9", "href": "https://avleonov.com/2022/10/29/microsoft-patch-tuesday-october-2022-exchange-proxynotshell-rce-windows-com-eop-ad-eop-azure-arc-kubernetes-eop/", "cvss": {"score": 0.0, "vector": "NONE"}}], "gentoo": [{"lastseen": "2022-11-01T22:16:47", "description": "### Background\n\nChromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. Google Chrome is one fast, simple, and secure browser for all your devices. Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Chromium, Google Chrome, and Microsoft Edge. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Chromium users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-106.0.5249.119\"\n \n\nAll Chromium binary users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/chromium-bin-106.0.5249.119\"\n \n\nAll Google Chrome users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/google-chrome-106.0.5249.119\"\n \n\nAll Microsoft Edge users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/microsoft-edge-106.0.1370.37\"", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-31T00:00:00", "type": "gentoo", "title": "Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318", "CVE-2022-3370", "CVE-2022-3373", "CVE-2022-3445", "CVE-2022-3446", "CVE-2022-3447", "CVE-2022-3448", "CVE-2022-3449", "CVE-2022-3450", "CVE-2022-41035"], "modified": "2022-10-31T00:00:00", "id": "GLSA-202210-16", "href": "https://security.gentoo.org/glsa/202210-16", "cvss": {"score": 0.0, "vector": "NONE"}}], "chrome": [{"lastseen": "2022-11-02T20:16:55", "description": "The Chrome team is delighted to announce the promotion of Chrome 106 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks.\n\n\n\nChrome 106.0.5249.61 ( Mac/linux) and 106.0.5249.61/62( Windows) contains a number of fixes and improvements -- a list of changes is available in the[ log](<https://chromium.googlesource.com/chromium/src/+log/105.0.5195.125..106.0.5249.62?pretty=fuller&n=10000>). Watch out for upcoming[ ](<https://chrome.blogspot.com/>)[Chrome](<https://chrome.blogspot.com/>) and[ Chromium](<https://blog.chromium.org/>) blog posts about new features and big efforts delivered in 106.\n\n\n\n\nSecurity Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [24](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-0-M106>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$9000][[1358907](<https://crbug.com/1358907>)] High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01\n\n[$3000][[1343104](<https://crbug.com/1343104>)] High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09\n\n[$TBD][[1319229](<https://crbug.com/1319229>)] High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24\n\n[$TBD][[1320139](<https://crbug.com/1320139>)] High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27\n\n[$TBD][[1323488](<https://crbug.com/1323488>)] High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08\n\n[$7500][[1342722](<https://crbug.com/1342722>)] Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08\n\n[$4000][[1348415](<https://crbug.com/1348415>)] Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29\n\n[$1000][[1240065](<https://crbug.com/1240065>)] Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16\n\n[$TBD][[1302813](<https://crbug.com/1302813>)] Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04\n\n[$TBD][[1303306](<https://crbug.com/1303306>)] Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06\n\n[$TBD][[1317904](<https://crbug.com/1317904>)] Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20\n\n[$TBD][[1328708](<https://crbug.com/1328708>)] Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24\n\n[$7000][[1322812](<https://crbug.com/1322812>)] Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05\n\n[$5000][[1333623](<https://crbug.com/1333623>)] Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07\n\n[$2000][[1300539](<https://crbug.com/1300539>)] Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24\n\n[$TBD][[1318791](<https://crbug.com/1318791>)] Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22\n\n[$3000][[1243802](<https://crbug.com/1243802>)]Low CVE-2022-3443:Insufficient data validation in File System API. \n\nReported by Maciej Pulikowski and Konrad Chrz\u0105szcz on 2021-08-27\n\n[$1000][[1208439](<https://crbug.com/1208439>)] Low CVE-2022-3444: Insufficient data validation in File System API. Reported by Archie Midha & Vallari Sharma on 2021-05-12\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1368115](<https://crbug.com/1368115>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://support.google.com/chrome/community>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\n\nSrinivas Sista\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-27T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-3201", "CVE-2022-3304", "CVE-2022-3305", "CVE-2022-3306", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3309", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3312", "CVE-2022-3313", "CVE-2022-3314", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-3318", "CVE-2022-3443", "CVE-2022-3444"], "modified": "2022-09-27T00:00:00", "id": "GCSA-8820382610464526564", "href": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-02T02:03:32", "description": "The Stable channel has been updated to 106.0.5249.91 for Windows,Mac and Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the [log](<https://chromium.googlesource.com/chromium/src/+log/106.0.5249.61..106.0.5249.91?pretty=fuller&n=10000>).\n\n\n\n\n Security Fixes and Rewards\n\nNote: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.\n\n\n\n\nThis update includes [3](<https://bugs.chromium.org/p/chromium/issues/list?can=1&q=type%3Abug-security+os%3DAndroid%2Cios%2Clinux%2Cmac%2Cwindows%2Call%2Cchrome+label%3ARelease-1-M106>) security fixes. Below, we highlight fixes that were contributed by external researchers. Please see the [Chrome Security Page](<https://sites.google.com/a/chromium.org/dev/Home/chromium-security>) for more information.\n\n\n\n\n[$7000][[1366813](<https://crbug.com/1366813>)] High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22\n\n[$10000][[1366399](<https://crbug.com/1366399>)] High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21\n\n\n\n\nWe would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel. \n\nAs usual, our ongoing internal security work was responsible for a wide range of fixes:\n\n * [[1369990](<https://crbug.com/1369990>)] Various fixes from internal audits, fuzzing and other initiatives\n\n\n\n\nMany of our security bugs are detected using [AddressSanitizer](<https://code.google.com/p/address-sanitizer/wiki/AddressSanitizer>), [MemorySanitizer](<https://code.google.com/p/memory-sanitizer/wiki/MemorySanitizer>), [UndefinedBehaviorSanitizer](<https://www.chromium.org/developers/testing/undefinedbehaviorsanitizer>), [Control Flow Integrity](<https://sites.google.com/a/chromium.org/dev/developers/testing/control-flow-integrity>), [libFuzzer](<https://sites.google.com/a/chromium.org/dev/developers/testing/libfuzzer>), or [AFL](<https://github.com/google/afl>).\n\n\n\n\nInterested in switching release channels? Find out how [here](<https://www.chromium.org/getting-involved/dev-channel>). If you find a new issue, please let us know by [filing a bug](<https://crbug.com/>). The [community help forum](<https://support.google.com/chrome/community>) is also a great place to reach out for help or learn about common issues.\n\n\n\n\n\n\n\nPrudhvikumar Bommana \n\n\nGoogle Chrome", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-30T00:00:00", "type": "chrome", "title": "Stable Channel Update for Desktop", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-3370", "CVE-2022-3373"], "modified": "2022-09-30T00:00:00", "id": "GCSA-2051179631675359832", "href": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "rapid7blog": [{"lastseen": "2022-10-11T22:01:25", "description": "![Patch Tuesday - October 2022](https://blog.rapid7.com/content/images/2022/10/patches-2.jpg)\n\nThe [October batch](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct>) of CVEs published by Microsoft includes 96 vulnerabilities, including 12 fixed earlier this month that affect the Chromium project used by their Edge browser.\n\nTop of mind for many this month is whether Microsoft would patch the two [Exchange Server zero-day vulnerabilities](<https://www.rapid7.com/blog/post/2022/09/29/suspected-post-authentication-zero-day-vulnerabilities-in-microsoft-exchange-server/>) ([CVE-2022-41040](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41040>) and [CVE-2022-41082](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41082>)) disclosed at the end of September. While Microsoft was relatively quick to acknowledge the vulnerabilities and [provide mitigation steps](<https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/>), their guidance has continually changed as the recommended rules to block attack traffic get bypassed. This whack-a-mole approach seems likely to continue until a proper patch addressing the root causes is available; unfortunately, it doesn\u2019t look like that will be happening today. Thankfully, the impact should be more limited than 2021\u2019s ProxyShell and ProxyLogon vulnerabilities due to attackers needing to be authenticated to the server for successful exploitation. Reports are also surfacing about an additional zero-day distinct from these being used in ransomware attacks; however, these have not yet been substantiated.\n\nMicrosoft did address two other zero-day vulnerabilities with today\u2019s patches. [CVE-2022-41033](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41033>), an Elevation of Privilege vulnerability affecting the COM+ Event System Service in all supported versions of Windows, has been seen exploited in the wild. [CVE-2022-41043](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41043>) is an Information Disclosure vulnerability affecting Office for Mac that was publicly disclosed but not (yet) seen exploited in the wild.\n\nNine CVEs categorized as Remote Code Execution (RCE) with Critical severity were also patched today \u2013 seven of them affect the Point-to-Point Tunneling Protocol, and like those fixed last month, require an attacker to win a race condition to exploit them. [CVE-2022-38048](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-38048>) affects all supported versions of Office, and [CVE-2022-41038](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41038>) could allow an attacker authenticated to SharePoint to execute arbitrary code on the server, provided the account has \u201cManage List\u201d permissions.\n\nMaxing out the CVSS base score with a 10.0 this month is [CVE-2022-37968](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37968>), an Elevation of Privilege vulnerability in the Azure Arc-enabled Kubernetes cluster Connect component. It\u2019s unclear why Microsoft has assigned such a high score, given that an attacker would need to know the randomly generated external DNS endpoint for an Azure Arc-enabled Kubernetes cluster (arguably making the Attack Complexity \u201cHigh\u201d). That said, if this condition is met then an unauthenticated user could become a cluster admin and potentially gain control over the Kubernetes cluster. Users of Azure Arc and Azure Stack Edge should check whether auto-updates are turned on, and if not, upgrade manually as soon as possible.\n\n## Summary charts\n\n![Patch Tuesday - October 2022](https://blog.rapid7.com/content/images/2022/10/2022-10-vuln_count_severity.png)![Patch Tuesday - October 2022](https://blog.rapid7.com/content/images/2022/10/2022-10-vuln_count_impact.png)![Patch Tuesday - October 2022](https://blog.rapid7.com/content/images/2022/10/2022-10-cvssv3_hist.png)![Patch Tuesday - October 2022](https://blog.rapid7.com/content/images/2022/10/2022-10-vuln_count_component.png)\n\n## Summary tables\n\n### Azure vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-37968](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37968>) | Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability | No | No | 10 | Yes \n[CVE-2022-38017](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38017>) | StorSimple 8000 Series Elevation of Privilege Vulnerability | No | No | 6.8 | Yes \n[CVE-2022-35829](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35829>) | Service Fabric Explorer Spoofing Vulnerability | No | No | 6.2 | Yes \n \n### Browser vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-41035](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41035>) | Microsoft Edge (Chromium-based) Spoofing Vulnerability | No | No | 8.3 | Yes \n[CVE-2022-3373](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3373>) | Chromium: CVE-2022-3373 Out of bounds write in V8 | No | No | N/A | Yes \n[CVE-2022-3370](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3370>) | Chromium: CVE-2022-3370 Use after free in Custom Elements | No | No | N/A | Yes \n[CVE-2022-3317](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3317>) | Chromium: CVE-2022-3317 Insufficient validation of untrusted input in Intents | No | No | N/A | Yes \n[CVE-2022-3316](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3316>) | Chromium: CVE-2022-3316 Insufficient validation of untrusted input in Safe Browsing | No | No | N/A | Yes \n[CVE-2022-3315](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3315>) | Chromium: CVE-2022-3315 Type confusion in Blink | No | No | N/A | Yes \n[CVE-2022-3313](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3313>) | Chromium: CVE-2022-3313 Incorrect security UI in Full Screen | No | No | N/A | Yes \n[CVE-2022-3311](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3311>) | Chromium: CVE-2022-3311 Use after free in Import | No | No | N/A | Yes \n[CVE-2022-3310](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3310>) | Chromium: CVE-2022-3310 Insufficient policy enforcement in Custom Tabs | No | No | N/A | Yes \n[CVE-2022-3308](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3308>) | Chromium: CVE-2022-3308 Insufficient policy enforcement in Developer Tools | No | No | N/A | Yes \n[CVE-2022-3307](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3307>) | Chromium: CVE-2022-3307 Use after free in Media | No | No | N/A | Yes \n[CVE-2022-3304](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-3304>) | Chromium: CVE-2022-3304 Use after free in CSS | No | No | N/A | Yes \n \n### Developer Tools vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-41034](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41034>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-41083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41083>) | Visual Studio Code Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-41032](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41032>) | NuGet Client Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-41042](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41042>) | Visual Studio Code Information Disclosure Vulnerability | No | No | 7.4 | Yes \n \n### Microsoft Office vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-41038](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41038>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-41036](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41036>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-41037](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41037>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-38053](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38053>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-41031](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41031>) | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38048](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38048>) | Microsoft Office Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38049](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38049>) | Microsoft Office Graphics Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38001](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38001>) | Microsoft Office Spoofing Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-41043](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41043>) | Microsoft Office Information Disclosure Vulnerability | No | Yes | 3.3 | Yes \n \n### System Center vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-37971](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37971>) | Microsoft Windows Defender Elevation of Privilege Vulnerability | No | No | 7.1 | Yes \n \n### Windows vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-38016](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38016>) | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-38045](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38045>) | Server Service Remote Protocol Elevation of Privilege Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-37984](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37984>) | Windows WLAN Service Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38003](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38003>) | Windows Resilient File System Elevation of Privilege | No | No | 7.8 | Yes \n[CVE-2022-38028](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38028>) | Windows Print Spooler Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38039](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38039>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37995](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37995>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37979](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37979>) | Windows Hyper-V Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37970](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37970>) | Windows DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37980](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37980>) | Windows DHCP Client Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38050](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38050>) | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37983](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37983>) | Microsoft DWM Core Library Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37998](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37998>) | Windows Local Session Manager (LSM) Denial of Service Vulnerability | No | No | 7.7 | Yes \n[CVE-2022-37973](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37973>) | Windows Local Session Manager (LSM) Denial of Service Vulnerability | No | No | 7.7 | Yes \n[CVE-2022-38036](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38036>) | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-38027](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38027>) | Windows Storage Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-38021](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38021>) | Connected User Experiences and Telemetry Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-37974](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37974>) | Windows Mixed Reality Developer Tools Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-38046](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38046>) | Web Account Manager Information Disclosure Vulnerability | No | No | 6.2 | Yes \n[CVE-2022-37965](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37965>) | Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability | No | No | 5.9 | Yes \n[CVE-2022-37996](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37996>) | Windows Kernel Memory Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-38025](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38025>) | Windows Distributed File System (DFS) Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-38030](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38030>) | Windows USB Serial Driver Information Disclosure Vulnerability | No | No | 4.3 | Yes \n \n### Windows ESU vulnerabilities\n\nCVE | Title | Exploited? | Publicly disclosed? | CVSSv3 base score | Has FAQ? \n---|---|---|---|---|--- \n[CVE-2022-37982](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37982>) | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-38031](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38031>) | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-38040](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38040>) | Microsoft ODBC Driver Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-37976](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37976>) | Active Directory Certificate Services Elevation of Privilege Vulnerability | No | No | 8.8 | Yes \n[CVE-2022-30198](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30198>) | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-22035](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22035>) | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-24504](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24504>) | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-33634](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33634>) | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-38047](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38047>) | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-38000](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38000>) | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-41081](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41081>) | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2022-37986](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37986>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37988](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37988>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38037](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38037>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38038](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38038>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37990](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37990>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37991](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37991>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37999](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37999>) | Windows Group Policy Preference Client Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37993](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37993>) | Windows Group Policy Preference Client Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37994](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37994>) | Windows Group Policy Preference Client Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37975](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37975>) | Windows Group Policy Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-38051](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38051>) | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37997](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37997>) | Windows Graphics Component Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-33635](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33635>) | Windows GDI+ Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37987](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37987>) | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-37989](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37989>) | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-41033](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41033>) | Windows COM+ Event System Service Elevation of Privilege Vulnerability | Yes | No | 7.8 | Yes \n[CVE-2022-38044](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38044>) | Windows CD-ROM File System Driver Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2022-33645](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33645>) | Windows TCP/IP Driver Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-38041](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38041>) | Windows Secure Channel Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2022-34689](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-34689>) | Windows CryptoAPI Spoofing Vulnerability | No | No | 7.5 | Yes \n[CVE-2022-37978](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37978>) | Windows Active Directory Certificate Services Security Feature Bypass | No | No | 7.5 | Yes \n[CVE-2022-38042](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38042>) | Active Directory Domain Services Elevation of Privilege Vulnerability | No | No | 7.1 | Yes \n[CVE-2022-38029](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38029>) | Windows ALPC Elevation of Privilege Vulnerability | No | No | 7 | Yes \n[CVE-2022-38033](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38033>) | Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-35770](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35770>) | Windows NTLM Spoofing Vulnerability | No | No | 6.5 | Yes \n[CVE-2022-37977](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37977>) | Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability | No | No | 6.5 | No \n[CVE-2022-38032](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38032>) | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | No | No | 5.9 | Yes \n[CVE-2022-38043](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38043>) | Windows Security Support Provider Interface Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-37985](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37985>) | Windows Graphics Component Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-38026](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38026>) | Windows DHCP Client Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2022-38034](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38034>) | Windows Workstation Service Elevation of Privilege Vulnerability | No | No | 4.3 | Yes \n[CVE-2022-37981](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37981>) | Windows Event Logging Service Denial of Service Vulnerability | No | No | 4.3 | Yes \n[CVE-2022-38022](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-38022>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 2.5 | Yes", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-10-11T18:35:28", "type": "rapid7blog", "title": "Patch Tuesday - October 2022", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-22035", "CVE-2022-24504", "CVE-2022-30198", "CVE-2022-3304", "CVE-2022-3307", "CVE-2022-3308", "CVE-2022-3310", "CVE-2022-3311", "CVE-2022-3313", "CVE-2022-3315", "CVE-2022-3316", "CVE-2022-3317", "CVE-2022-33634", "CVE-2022-33635", "CVE-2022-33645", "CVE-2022-3370", "CVE-2022-3373", "CVE-2022-34689", "CVE-2022-35770", "CVE-2022-35829", "CVE-2022-37965", "CVE-2022-37968", "CVE-2022-37970", "CVE-2022-37971", "CVE-2022-37973", "CVE-2022-37974", "CVE-2022-37975", "CVE-2022-37976", "CVE-2022-37977", "CVE-2022-37978", "CVE-2022-37979", "CVE-2022-37980", "CVE-2022-37981", "CVE-2022-37982", "CVE-2022-37983", "CVE-2022-37984", "CVE-2022-37985", "CVE-2022-37986", "CVE-2022-37987", "CVE-2022-37988", "CVE-2022-37989", "CVE-2022-37990", "CVE-2022-37991", "CVE-2022-37993", "CVE-2022-37994", "CVE-2022-37995", "CVE-2022-37996", "CVE-2022-37997", "CVE-2022-37998", "CVE-2022-37999", "CVE-2022-38000", "CVE-2022-38001", "CVE-2022-38003", "CVE-2022-38016", "CVE-2022-38017", "CVE-2022-38021", "CVE-2022-38022", "CVE-2022-38025", "CVE-2022-38026", "CVE-2022-38027", "CVE-2022-38028", "CVE-2022-38029", "CVE-2022-38030", "CVE-2022-38031", "CVE-2022-38032", "CVE-2022-38033", "CVE-2022-38034", "CVE-2022-38036", "CVE-2022-38037", "CVE-2022-38038", "CVE-2022-38039", "CVE-2022-38040", "CVE-2022-38041", "CVE-2022-38042", "CVE-2022-38043", "CVE-2022-38044", "CVE-2022-38045", "CVE-2022-38046", "CVE-2022-38047", "CVE-2022-38048", "CVE-2022-38049", "CVE-2022-38050", "CVE-2022-38051", "CVE-2022-38053", "CVE-2022-41031", "CVE-2022-41032", "CVE-2022-41033", "CVE-2022-41034", "CVE-2022-41035", "CVE-2022-41036", "CVE-2022-41037", "CVE-2022-41038", "CVE-2022-41040", "CVE-2022-41042", "CVE-2022-41043", "CVE-2022-41081", "CVE-2022-41082", "CVE-2022-41083"], "modified": "2022-10-11T18:35:28", "id": "RAPID7BLOG:B37CF2E44EB6AA38B417BB09297CD3E1", "href": "https://blog.rapid7.com/2022/10/11/patch-tuesday-october-2022/", "cvss": {"score": 0.0, "vector": "NONE"}}], "qualysblog": [{"lastseen": "2022-10-19T22:05:19", "description": "* * *\n\n# **Microsoft Patch Tuesday Summary**\n\nMicrosoft has fixed 84 vulnerabilities (aka flaws) in the October 2022 update, including 13 vulnerabilities classified as **_Critical_** as they allow Elevation of Privilege (EoP), Remote Code Execution (RCE), and Spoofing. This month's Patch Tuesday fixes two (2) zero-day vulnerabilities, with one (1) actively exploited***** in attacks ([CVE-2022-41033](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41033>)*****,[ ](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134>)[CVE-2022-41043](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41043>)). Earlier this month, on October 3 and 6, 2022, Microsoft also released a total of 12 Microsoft Edge (Chromium-Based) updates, one (1) addressing Spoofing ([CVE-2022-41035](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41035>)) ranked _**Moderate**_.\n\nMicrosoft has fixed several flaws in its software, including Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Remote Code Execution (RCE), Security Feature Bypass, Spoofing, Microsoft Edge (Chromium-based), and Microsoft Edge (Chromium-based) / Spoofing.\n\n# Microsoft Exchange _"**ProxyNotShell"**_** **Zero-Days Not Yet Addressed _(QID 50122)_\n\nUnfortunately, Microsoft has not released security updates to address **_ProxyNotShell_** which includes [two actively exploited zero-day vulnerabilities](<https://blog.qualys.com/vulnerabilities-threat-research/2022/09/30/qualys-response-to-proxynotshell-microsoft-exchange-server-zero-day-threat-using-qualys-platform>) tracked as [CVE-2022-41040](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040>) and [CVE-2022-41082](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082>). \n\n[Released: October 2022 Exchange Server Security Updates](<https://techcommunity.microsoft.com/t5/exchange-team-blog/released-october-2022-exchange-server-security-updates/ba-p/3646263>) provides the following update:\n\n> **NOTE** The October 2022 SUs **_do not_** contain fixes for the zero-day vulnerabilities reported publicly on September 29, 2022 (CVE-2022-41040 and CVE-2022-41082). Please [see this blog post](<https://techcommunity.microsoft.com/t5/exchange-team-blog/customer-guidance-for-reported-zero-day-vulnerabilities-in/ba-p/3641494>) to apply mitigations for those vulnerabilities. We will release updates for CVE-2022-41040 and CVE-2022-41082 when they are ready.\n\n[Ankit Malhotra](<https://blog.qualys.com/author/amalhotra>), Manager, Signature Engineering suggests, "It's worth noting that Microsoft has had to revise the mitigation for [CVE-2022-41040](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040>) more than once, as the suggested URL rewrite Mitigation was bypassed multiple times. Organizations that reacted to the ProxyShell vulnerability should also pay close attention to this, taking their lessons learned on rapid remediation, as this vulnerability can potentially see increased exploitation."\n\n* * *\n\n[![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/ProxyNotShell.png)](<https://tinyl.io/79AH>)\n\n**[ProxyNotShell: Microsoft Exchange Server Zero-Day Threat Using Qualys VMDR](<https://tinyl.io/79AH>)** | [QUALYS ON-DEMAND WEBINAR](<https://tinyl.io/7A58>)\n\n[Watch Now](<https://tinyl.io/79AH>)\n\n[**Qualys Response to _ProxyNotShell_ Microsoft Exchange Server Zero-Day Threat Using Qualys Cloud Platform**](<https://tinyl.io/79AJ>) | [QUALYS BLOG](<https://blog.qualys.com/?>)\n\n* * *\n\n## **The October 2022 Microsoft Vulnerabilities are classified as follows:**\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/2022-10-11_MSFT-IMPACT-SEV-1-edited.png)[Microsoft Exploitability Index](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>) / [Microsoft Security Update Severity Rating System](<https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system>)\n\n* * *\n\n## Two (2) **Zero-Day Vulnerabilities Addressed**\n\nA vulnerability is classified as a **_zero-day_** if it is publicly disclosed or actively exploited with no official fix available.\n\n### [](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41033>)[CVE-2022-41033](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41033>) | Windows COM+ Event System Service Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.8/10.\n\nClassified as **_Critical_**, this issue affects an unknown function of the component COM+ Event System Service. The impact of exploitation is loss of confidentiality, integrity, and availability.\n\nMicrosoft has not disclosed how the vulnerability is being exploited or if it is being exploited in targeted or more widespread attacks. They only say that the attack complexity is low and that it requires no user interaction for the attacker to be able to achieve SYSTEM privileges.\n\nAn attacker who successfully exploited this vulnerability could gain SYSTEM privileges.\n\nPatch Installation should be considered **_Critical_**.\n\n[Saeed Abbasi](<https://blog.qualys.com/author/sabbasi>), Manager, Vulnerability Signatures adds, "This patch fixes a security vulnerability that Microsoft stated is under active attack. However, it is not clear how severe these attacks are. Due to the nature of this vulnerability, a privilege escalation that often engages some social engineering (e.g. requiring the user to open a malicious attachment), history shows that it potentially needs to be chained with a code execution bug to exploit."\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Detected_**\n\n* * *\n\n### [CVE-2022-41043](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41043>)| Microsoft Office Information Disclosure Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 3.3/10.\n\nThe type of information that could be disclosed if an attacker successfully exploited this vulnerability is user tokens and other potentially sensitive information. The impact of exploitation is loss of confidentiality.\n\nThis vulnerability demands that the victim is doing some kind of user interaction. As of the time of publishing, neither technical details nor an exploit is publicly available.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): _**Exploitation Less Likely**_\n\n* * *\n\n## **Microsoft Critical Vulnerability Highlights**\n\n### **[](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37968>)[CVE-2022-37968](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37968>) |** Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of** **10/10.\n\nMicrosoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.\n\nCustomers using Azure Stack Edge must update to the 2209 release (software version 2.2.2088.5593). Release notes for the 2209 release of Azure Stack Edge can be found here: [Azure Stack Edge 2209 release notes](<https://learn.microsoft.com/en-us/azure/databox-online/azure-stack-edge-gpu-2209-release-notes>).\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-37976](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37976>)** |** Active Directory Certificate Services Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of** **8.8/10.\n\nA malicious DCOM client could coerce a DCOM server to authenticate to it through the Active Directory Certificate Service (ADCS) and use the credential to launch a cross-protocol attack.\n\nAn attacker who successfully exploited this vulnerability could gain domain administrator privileges.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-41038](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41038>)** |** Microsoft SharePoint Server Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of** **8.8/10.\n\nIn a network-based attack, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server.\n\nThe attacker must be authenticated to the target site, with permission to use Manage Lists within SharePoint.\n\n**NOTE**: Customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n### [CVE-2022-38048](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38048>)** |** Microsoft Office Remote Code Execution (RCE) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of** **7.8/10.\n\nThe word **_Remote_** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.\n\nWhen a particular vulnerability allows an attacker to execute "arbitrary code", it typically means that the bad guy can run any command on the target system the attacker chooses. [_Source_](<https://tinyl.io/7A6M>)\n\nFor example, when the score indicates that the _Attack Vector_ is _Local_ and _User Interaction_ is _Required_, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. The impact of exploitation is loss of confidentiality, integrity, and availability.\n\n**NOTE**: Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n### [CVE-2022-34689](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34689>)** |** Windows CryptoAPI Spoofing Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of** **7.5/10.\n\nAn attacker could manipulate an existing public x.509 certificate to spoof their identify and perform actions such as authentication or code signing as the targeted certificate.\n\nThe technical details are unknown, and an exploit is not publicly available. The impact is known to affect integrity.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation More Likely_**\n\n* * *\n\n## **Microsoft Release Summary**\n\nThis month\u2019s [Release Notes](<https://msrc.microsoft.com/update-guide/releaseNote/2022-Oct>) cover multiple Microsoft product families, including Azure, Browser, Developer Tools, Extended Security Updates [(ESU)](<https://docs.microsoft.com/en-us/lifecycle/faq/extended-security-updates>), Microsoft Office, System Center, and Windows.\n\nA total of 78 unique Microsoft products/versions are affected, including but not limited to .NET and .NET Core, Azure Arc-enabled Kubernetes cluster, Azure Service Fabric Explorer, Azure Stack Edge, Azure StorSimple 8000 Series, Jupyter Extension for Visual Studio Code, Microsoft 365 Apps for Enterprise, Microsoft Edge (Chromium-based), Microsoft Malware Protection Engine, Microsoft Office, Microsoft SharePoint Enterprise Server, Microsoft SharePoint Foundation, Microsoft SharePoint Server, Microsoft Visual Studio, Visual Studio and Visual Studio Code, Windows Desktop, and Windows Server.\n\nDownloads include Cumulative Updates, Monthly Rollups, Security Only, and Security Updates.\n\n* * *\n\n## **Microsoft Edge | Last But Not Least**\n\nEarlier in October 2022, Microsoft released Microsoft Edge (Chromium-based) vulnerabilities including [CVE-2022-41035](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41035>). The vulnerability assigned to the CVE is in the Chromium Open Source Software (OSS) which is consumed by Microsoft Edge. It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. For more information, please see [Security Update Guide Supports CVEs Assigned by Industry Partners](<https://msrc-blog.microsoft.com/2021/01/13/security-update-guide-supports-cves-assigned-by-industry-partners/>).\n\n### **[](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41035>)[CVE-2022-41035](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41035>)** **| Microsoft Edge (Chromium-based) Spoofing Vulnerability**\n\nThis vulnerability has a CVSSv3.1 score of 8.3/10.\n\nIn a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.\n\n[Per Microsoft severity guidelines](<https://www.microsoft.com/en-us/msrc/bounty-new-edge>), the amount of user interaction or preconditions required to allow this sort of exploitation downgraded the severity. The CVSS scoring system doesn't allow for this type of nuance. **Severity: _Moderate_**\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n_Did you know? Microsoft Security Response Center (MSRC) | [Improvements in Security Update Notifications Delivery \u2013 And a New Delivery Method](<https://tinyl.io/7A6i>). _\n\n* * *\n\n# **Adobe Security Bulletins and Advisories**\n\nAdobe released four (4) [security bulletins and advisories](<https://helpx.adobe.com/security/security-bulletin.html>) with updates to fix 29 vulnerabilities affecting Adobe ColdFusion, Adobe Reader, Adobe Commerce, and Adobe Dimension applications. Of these 29 vulnerabilities, 17 are rated as **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, ten (10) are rated as Important and two (2) are rated as **_[Moderate](<https://helpx.adobe.com/security/severity-ratings.html>)_**; ranging in severity from a CVSS score of 4.4/10 to 10/10, as summarized below.\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/2022-10-11_ADOBE-IMPACT-SEV-1-edited.png)\n\n* * *\n\n### [APSB22-42](<https://helpx.adobe.com/security/products/coldfusion/apsb22-44.html>)** | **Security updates available for Adobe ColdFusion\n\nThis update resolves six (6) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, six (6) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>), _**and one (1) **_[Moderate](<https://helpx.adobe.com/security/severity-ratings.html>)_** vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released security updates for ColdFusion versions 2021 and 2018. These updates resolve [Critical](<https://helpx.adobe.com/security/severity-ratings.html>), [Important](<https://helpx.adobe.com/security/severity-ratings.html>), and [Moderate](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities that could lead to arbitrary code execution, arbitrary file system write, security feature bypass, and privilege escalation.\n\n* * *\n\n### [APSB22-46](<https://helpx.adobe.com/security/products/acrobat/apsb22-46.html>)** | **Security update available for Adobe Acrobat and Reader\n\nThis update resolves two (2) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, and two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_** vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address [critical](<https://helpx.adobe.com/security/severity-ratings.html>) and [important](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to application denial-of-service and memory leak.\n\n* * *\n\n### [APSB22-48](<https://helpx.adobe.com/security/products/magento/apsb22-48.html>)** | **Security update available for Adobe Commerce\n\nThis update resolves two (2) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, and two (2) **_[Important](<https://helpx.adobe.com/security/severity-ratings.html>)_** vulnerabilities.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves a [critical](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerability. Successful exploitation could lead to arbitrary code execution. \n\n* * *\n\n### [APSB22-57](<https://helpx.adobe.com/security/products/dimension/apsb22-57.html>)** | **Security updates available for Adobe Dimension\n\nThis update resolves eight (8) **_[Critical](<https://helpx.adobe.com/security/severity-ratings.html>)_**, and one (1) **_[Moderate](<https://helpx.adobe.com/security/severity-ratings.html>)_** vulnerability.\n\n_[Adobe Priority](<https://helpx.adobe.com/security/severity-ratings.html>): 3_\n\nAdobe has released an update for Adobe Dimension. This update addresses [critical ](<https://helpx.adobe.com/security/severity-ratings.html>)and [moderate](<https://helpx.adobe.com/security/severity-ratings.html>) vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak in the context of the current user. \n\n* * *\n\n# **About Qualys Patch Tuesday**\n\nQualys Patch Tuesday QIDs are published as [Security Alerts](<https://www.qualys.com/research/security-alerts/>) typically late in the evening on the day of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed later by the publication of the monthly queries for the [Unified Dashboard: 2022 Patch Tuesday (QID Based) Dashboard](<https://success.qualys.com/discussions/s/article/000006821>) by Noon on Wednesday.\n\n* * *\n\n## Qualys Threat Research Blog Posts **_New_**\n\nPublished in the Last 30 days; Most Recent First\n\n * [NSA Alert: Topmost CVEs Actively Exploited By People\u2019s Republic of China State-Sponsored Cyber Actors](<https://tinyl.io/79AX>)\n * [Qualys Response to ProxyNotShell Microsoft Exchange Server Zero-Day Threat Using Qualys Cloud Platform](<https://tinyl.io/79Aa>)\n\n* * *\n\n## **Qualys [Threat Protection](<https://www.qualys.com/apps/threat-protection/>) High-Rated Advisories**\n\nPublished between September 14 - October 12, 2022, Most Recent First\n\n * [Microsoft Patch Tuesday, October 2022 Edition: 84 Vulnerabilities patched including 12 Microsoft Edge (Chromium-Based), 2 Zero-days, and 13 Rated as Critical](<https://tinyl.io/79Vx>)\n * [Zimbra Collaboration Suite Remote Code Execution Vulnerability (CVE-2022-41352)](<https://tinyl.io/797N>)\n * [FortiGate and FortiProxy Authentication Bypass Vulnerability on Administrative Interface (HTTP/HTTPS) (CVE-2022-40684)](<https://tinyl.io/797M>)\n * [Microsoft Exchange Server Zero-day Vulnerabilities (CVE-2022-41040 and CVE-2022-41082) (ProxyNotShell)](<https://tinyl.io/797L>)\n * [Sophos Firewall Remote Code Execution Vulnerability (CVE-2022-3236)](<https://tinyl.io/797K>)\n * [Zoho ManageEngine PAM360, Access Manager Plus, and Password Manager Pro Remote Code Execution Vulnerability (CVE-2022-35405)](<https://tinyl.io/797J>)\n * [Trend Micro Patches Multiple Vulnerabilities in Apex One (On-Premise) Including One Zero-day (CVE-2022-40139)](<https://tinyl.io/797I>)\n * [Cisco Patched Multiple Vulnerabilities in Multiple Products including NVIDIA Data Plane Development Kit](<https://tinyl.io/797H>)\n * [Apple Patches Multiple Vulnerabilities in macOS Big Sur and macOS Monterey including One Zero-day (CVE-2022-32894)](<https://tinyl.io/797G>)\n * [Microsoft Patches Vulnerabilities 79 including 16 Microsoft Edge (Chromium-Based); with 2 Zero-days and 5 Critical in Patch Tuesday, September 2022 Edition](<https://threatprotect.qualys.com/2022/09/14/microsoft-patches-vulnerabilities-79-including-16-microsoft-edge-chromium-based-with-2-zero-days-and-5-critical-in-patch-tuesday-september-2022-edition/>)\n\n* * *\n\n# **Discover and Prioritize Vulnerabilities in **[Vulnerability Management Detection Response](<https://www.qualys.com/apps/vulnerability-management-detection-response/>)** **(VMDR)\n\nQualys VMDR automatically detects new Patch Tuesday vulnerabilities using continuous updates to its KnowledgeBase (KB). \n\nYou can see all your impacted hosts by these vulnerabilities using the following QQL query:\n \n \n vulnerabilities.vulnerability:( qid:`91949` OR qid:`91950` OR qid:`91951` OR qid:`91953` OR qid:`110417` OR qid:`110418` OR qid:`377627` OR qid:`377628` ) \n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/2022-10-12_VMDR-1070x488.png)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [In-Depth Look Into Data-Driven Science Behind Qualys TruRisk](<https://blog.qualys.com/vulnerabilities-threat-research/2022/10/10/in-depth-look-into-data-driven-science-behind-qualys-trurisk>) **_New_**\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [Qualys VMDR Recognized as Best VM Solution by SC Awards 2022 & Leader by GigaOm](<https://blog.qualys.com/product-tech/2022/08/22/qualys-vmdr-recognized-as-best-vm-solution-by-sc-awards-2022-leader-by-gigaom>)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [A Deep Dive into VMDR 2.0 with Qualys TruRisk\u2122](<https://blog.qualys.com/product-tech/2022/08/08/a-deep-dive-into-vmdr-2-0-with-qualys-trurisk>)\n\n* * *\n\n# **Rapid Response with **[Patch Management](<https://www.qualys.com/apps/patch-management/>) (PM)\n\nVMDR rapidly remediates Windows hosts by deploying the most relevant and applicable per-technology version patches. You can simply select respective QIDs in the Patch Catalog and filter on the \u201cMissing\u201d patches to identify and deploy the applicable, available patches with one click.\n\nThe following QQL will return the missing patches for this Patch Tuesday:\n \n \n ( qid:`91949` OR qid:`91950` OR qid:`91951` OR qid:`91953` OR qid:`110417` OR qid:`110418` OR qid:`377627` OR qid:`377628` )\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/2022-10-12_PM-1070x488.png)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [Why Organizations Struggle with Patch Management (and What to Do about It)](<https://tinyl.io/79TY>) **_New_**\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [Let Smart Automation Reduce the Risk of Zero-Day Attacks on Third-Party Applications](<https://blog.qualys.com/qualys-insights/2022/09/08/let-smart-automation-reduce-the-risk-of-zero-day-attacks-on-third-party-applications-2>)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0](<https://blog.qualys.com/product-tech/2022/06/22/risk-based-remediation-powered-by-patch-management-in-qualys-vmdr-2-0>)\n\n* * *\n\n# EXECUTE Mitigation Using [Custom Assessment and Remediation](<https://tinyl.io/79UY>) (CAR) **_New_**\n\n[Qualys Custom Assessment and Remediation](<https://www.qualys.com/apps/custom-assessment-remediation/>) empowers a system administrator to quickly and easily perform configuration updates on your technology infrastructure when the current situation requires the implementation of a vendor-suggested mitigation or workaround. \n\n**_Mitigation_** refers to a setting, common configuration, or general best practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.\n\nA **_workaround_** is a method, sometimes used temporarily, for achieving a task or goal when the usual or planned method isn't working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned. [_Source_](<https://www.techtarget.com/whatis/definition/workaround>)\n\n## Try It for Free!\n\n[Sign up now for a no-cost trial of Qualys Custom Assessment and Remediation](<https://www.qualys.com/forms/custom-assessment-remediation/>)\n\nCustomers can perform the provided mitigation steps by creating a PowerShell script and executing the script on vulnerable assets.\n\n**IMPORTANT: ** Scripts tend to change over time. Referring back to a portion of our quote from [Ankit Malhotra](<https://blog.qualys.com/author/amalhotra>) at the top of this blog, "It's worth noting that Microsoft has had to revise the mitigation for [CVE-2022-41040](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040>) more than once, as the suggested URL rewrite Mitigation was bypassed multiple times." **_Please refer to the Qualys GitHub Tuesday Patch [link](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Tuesday%20Patch>) to ensure the most current version of a given [Patch Tuesday script](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Tuesday%20Patch>) is in use._**\n\n### Related Blog Content:\n\nPublished in the Last 30 days; Most Recent First\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [Zimbra Collaboration Suite Remote Code Execution Vulnerability (CVE-2022-41352)](<https://tinyl.io/797N>)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [Remediate Your Vulnerable Lenovo Systems with Qualys Custom Assessment and Remediation](<https://tinyl.io/79Y9>)\n\n### [**CVE-2022-37976**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37976>)** | **Active Directory Certificate Services Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n[**GitHub Link for CVE-2022-37976 Script**](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Tuesday%20Patch/2022/October/CVE-2022-37976\$ADCS%20Vulnerability\$>)\n \n \n $ServiceName = \"CertSvc\"\n $ServiceStatus = (Get-Service -Name $ServiceName).status\n if($ServiceStatus -eq \"Running\")\n {\n \n reg add \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\\" /v LegacyAuthenticationLevel /t REG_DWORD /d '5' /f | Out-Null\n \n if($?)\n {\n Write-Host \"ADCS found running. LegacyAuthenticationLevel is set to 5. Mitigation for CVE-2022-37976 has been applied as per MSRC guidelines. \"\n }\n else\n {\n Write-Host \"command failed\"\n }\n \n \n }\n else {\n Write-Host \"ADCS not running. No action required\"\n }\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/CAR_CVE-2022-37976-2-1.png)\n\n* * *\n\n### [CVE-2022-33645](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33645>)** | **Windows TCP/IP Driver Denial of Service (DoS) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n[**GitHub Link for CVE-2022-33645 Script**](<https://github.com/Qualys/Custom-Assessment-and-Remediation-Script-Library/tree/main/Tuesday%20Patch/2022/October/CVE-2022-33645\$TCPIP%20Driver%20Dos%20Vulnerability\$>)\n \n \n Disable-NetAdapterBinding -Name \"*\" -ComponentID \"ms_tcpip6\"\n \n if($?)\n {\n Write-Host \"IPV6 has been disabled as part of workaround implementation. CVE-2022-33645 is now mitigated,\"\n }\n else\n {\n Write-Host \"command failed\"\n }\n \n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/CAR_CVE-2022-33645.png)\n\n* * *\n\n# **EVALUATE Vendor-Suggested Mitigation with **[**Policy Compliance**](<https://www.qualys.com/forms/policy-compliance/>) (PC)\n\n[Qualys Policy Compliance Control Library](<https://vimeo.com/700790353>) makes it easy to evaluate your technology infrastructure when the current situation requires implementation validation of a vendor-suggested mitigation or workaround. \n\n**_Mitigation_** refers to a setting, common configuration, or general best practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.\n\nA **_workaround_** is a method, sometimes used temporarily, for achieving a task or goal when the usual or planned method isn't working. Information technology often uses a workaround to overcome hardware, programming, or communication problems. Once a problem is fixed, a workaround is usually abandoned. [_Source_](<https://www.techtarget.com/whatis/definition/workaround>)\n\nThe following [Qualys Policy Compliance Control IDs (CIDs), and System Defined Controls (SDC) ](<https://qualysguard.qg2.apps.qualys.com/qwebhelp/fo_portal/module_pc/controls/controls_lp.htm>)have been updated to support Microsoft recommended mitigation(s) for this Patch Tuesday:\n\n### [**CVE-2022-37976**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37976>)** | **Active Directory Certificate Services Elevation of Privilege (EoP) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 8.8/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * **4079 **Status of the 'Active Directory Certificate Service' ** **\n * **14916 **Status of Windows Services** **\n * **24842** Status of the 'LegacyAuthenticationLevel' setting\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\n### [CVE-2022-33645](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33645>)** | **Windows TCP/IP Driver Denial of Service (DoS) Vulnerability\n\nThis vulnerability has a CVSSv3.1 score of 7.5/10.\n\nPolicy Compliance Control IDs (CIDs):\n\n * **4842** Status of the 'Internet Protocol version 6 (IPv6) components' setting\n\n[Exploitability Assessment](<https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1>): **_Exploitation Less Likely_**\n\n* * *\n\nThe following QQL will return a posture assessment for the CIDs for this Patch Tuesday:\n \n \n control:( id:`4079` OR id:`4842` OR id:`14916` OR id:`24842` ) \n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/2022-10-12_PC-1070x488.png)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [Prepare Your Organization for Compliance with the NYDFS Cybersecurity Regulation](<https://tinyl.io/79U7>) **_New_**\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [Mitigating the Risk of Zero-Day Vulnerabilities by using Compensating Controls](<https://blog.qualys.com/vulnerabilities-threat-research/2022/08/23/mitigating-the-risk-of-zero-day-vulnerabilities-by-using-compensating-controls>)\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/06/image-4.png) [Policy Compliance (PC) | Policy Library Update Blogs](<https://notifications.qualys.com/tag/policy-library>)\n\n* * *\n\n**Patch Tuesday is Complete.**\n\n* * *\n\n# [This Month in Vulnerabilities and Patches](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>) Webinar Series \n\n[![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/03/image-1070x560.jpeg)](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)\n\n[Subscribe Now](<https://gateway.on24.com/wcc/eh/3347108/category/97049/patch-tuesday>)\n\nThe Qualys Product Management and Threat Research team members host a monthly webinar series to help our existing customers leverage the seamless integration between [Qualys Vulnerability Management Detection Response (VMDR)](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) and [Qualys Patch Management](<https://www.qualys.com/apps/patch-management/>). Combining these two solutions can reduce the median time to remediate critical vulnerabilities. \n\nDuring the webcast, this month\u2019s Patch Tuesday high-impact vulnerabilities will be discussed. We will walk you through the necessary steps to address the key vulnerabilities using Qualys VMDR and Qualys Patch Management.\n\n* * *\n\n# UPCOMING EVENTS\n\n* * *\n\nThe content within this section will spotlight upcoming Vulnerability Management, Patch Management, Threat Protection, Custom Assessment and Remediation, and Policy Compliance adjacent events available to our prospective, new, and existing customers.\n\n## [**WEBINARS**](<https://gateway.on24.com/wcc/eh/3347108/category/91385/upcoming-webinars>)\n\n## Introducing Qualys Workshop Wednesday\n\n[![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/Workshop_Wednesdays_Webinar_Twitter_600x335-edited.png)](<https://gateway.on24.com/wcc/eh/3347108/category/111238/workshop-wednesday>)\n\nAt Qualys Inc, providing cybersecurity through technology is what we do. Join us each month as we tap into the minds of Qualys experts to share how you can get the most out of your investment and understand ways in which you can quickly reduce your cyber risk exposure using the Qualys Cloud Platform. Each 45-minute monthly session, hosted on the first Wednesday of the month, will showcase practical hands-on tips and tricks, news on new capabilities and services, as well as useful customer success stories that can help you get the most out of the Qualys Cloud Platform. \n\n**Join us for the first Workshop Wednesday on Nov 2, 2022, at 9:00 AM PDT. **\n\n[Subscribe Now](<https://gateway.on24.com/wcc/eh/3347108/category/111238/workshop-wednesday>)\n\n* * *\n\n## Qualys Threat Thursdays\n\n[![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/ThreatThursday2.png)](<https://gateway.on24.com/wcc/eh/3347108/category/111445/threat-thursday>)\n\n[Subscribe Now](<https://gateway.on24.com/wcc/eh/3347108/category/111445/threat-thursday>)\n\nThe Qualys Threat Research team invites you to join their regular monthly webinar series covering the latest threat intelligence analysis and insight. \n\nOctober 2022 Threat Thursday Topic is **AsyncRAT**.\n\nNever miss an update. [Subscribe Today](<https://gateway.on24.com/wcc/eh/3347108/category/111445/threat-thursday>)!\n\n[Click Here](<https://tinyl.io/79BC>) to quickly navigate to Qualys Threat Thursday blog posts.\n\n* * *\n\n## [**CONFERENCES**](<https://www.qualys.com/qsc/locations/>)\n\n[![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/QSC2022LV.png)](<https://www.qualys.com/qsc/2022/las-vegas/?utm_source=qualys-homepage&utm_medium=event&utm_campaign=homepage-banner-qsc-2022&utm_term=qsc-q4-2022&utm_content=qualys-homepage-qsc&leadsource=344572821>)\n\n[Register Now](<https://www.qualys.com/qsc/2022/las-vegas/register/>)\n\n## [Qualys Annual Security Conference](<https://tinyl.io/79BB>) #QSC22\n\nQualys Security Conference (QSC) is a unique opportunity for the Qualys community to get together to hear the latest developments in cybersecurity, view the latest innovations from Qualys, trade best practices, share feedback, and learn tips and tricks on how security professionals work to keep their organizations secure.\n\n## We are pleased to announce the keynote speaker for the 2022 Qualys Annual Security Conference in Las Vegas\n\n![](https://ik.imagekit.io/qualys/wp-content/uploads/2022/10/QSC22LV-KeyNoteSpeaker2-1.png)\n\nRobert Herjavec is a globally recognized motivational, business, and cyber security leader. For the last 14 years, Robert has been well known as one of the Sharks, and executive producer of the Emmy Award-winning hit show, Shark Tank. He has served as a Cybersecurity Advisor for the Government of Canada, participated in the White House Summit on Cybersecurity, and is a member of the US Chamber of Commerce Task Force for Cybersecurity.\n\nRobert\u2019s keynote will highlight the growing importance of cybersecurity in today\u2019s world.\n\n* * *\n\n**Explore and secure the digital journey.** Dive into the profound impact of the digital journey and explore how to build security automation from the data center to the cloud. Industry experts and Qualys leaders discuss automation strategies, preview product roadmaps, listen to your challenges, and answer your questions.\n\n**Get inspired.** Engage with Qualys\u2019 customer-facing teams and your peers around best practices and user case studies for applying security automation to real-world challenges.\n\n**Sharpen your expertise. **Two days of free training cover forward-looking strategies, best practices to improve effectiveness and productivity, and core/expanded product features to up-level your security program.\n\n**Who Should Attend? **CIOs, CSOs, and CTOs; directors and managers of network, security, and cloud; developers and DevSecOps practitioners; Qualys partners and consultants; or any forward-thinking security professional.\n\n## Live **Training Sessions**\n\n## [November 7](<https://www.qualys.com/qsc/2022/las-vegas/?utm_source=qualys-homepage&utm_medium=event&utm_campaign=homepage-banner-qsc-2022&utm_term=qsc-q4-2022&utm_content=qualys-homepage-qsc&leadsource=344572821#nov7>) and [November 8](<https://www.qualys.com/qsc/2022/las-vegas/?utm_source=qualys-homepage&utm_medium=event&utm_campaign=homepage-banner-qsc-2022&utm_term=qsc-q4-2022&utm_content=qualys-homepage-qsc&leadsource=344572821#nov8>)\n\n* * *\n\n## Live **Conference Sessions**\n\n## [November 9](<https://www.qualys.com/qsc/2022/las-vegas/?utm_source=qualys-homepage&utm_medium=event&utm_campaign=homepage-banner-qsc-2022&utm_term=qsc-q4-2022&utm_content=qualys-homepage-qsc&leadsource=344572821#nov9>) and [November 10](<https://www.qualys.com/qsc/2022/las-vegas/?utm_source=qualys-homepage&utm_medium=event&utm_campaign=homepage-banner-qsc-2022&utm_term=qsc-q4-2022&utm_content=qualys-homepage-qsc&leadsource=344572821#nov10>)\n\n_Attendance at QSC is complimentary. This includes access to all general sessions, breakout sessions, breakfast, lunch, breaks, and receptions._\n\n* * *\n\n#### #QSC22 Location and Reservation Information\n\nNovember 7-10, 2022\n\nThe Venetian Resort Las Vegas, 3355 Las Vegas Blvd. South, Las Vegas, NV 89109, US\n\n[Book your hotel here](<https://book.passkey.com/gt/218594637?gtid=9914abda1b2fe722d872e0ac3e0bdc09>) & take advantage of the discounted QSC rate of $229+ per night\n\nOr find a conference [near you](<https://www.qualys.com/qsc/locations/>).\n\n* * *\n\n## This month's blog content is the result of collaboration with and contributions from:\n\n_In order of appearance_\n\n * Quote: [Ankit Malhotra](<https://blog.qualys.com/author/amalhotra>), Manager, Signature Engineering\n * Quote: [Saeed Abbasi](<https://blog.qualys.com/author/sabbasi>), Manager, Vulnerability Signatures\n * QID Content: Arun Kethipelly, Manager, Signature Engineering\n * QID Content: Dianfang (Sabrina) Gao, Lead, QA Engineer\n * CAR Content: Mukesh Choudhary, Compliance Research Analyst\n * CAR Content: [Lavish Jhamb](<https://blog.qualys.com/author/ljhamb>), Solution Architect, Compliance Solutions\n * PC Content: Xiaoran (Alex) Dong, Manager, Compliance Signature Engineering\n * Webinars: Thomas Nuth, Senior Director, Product Marketing\n * Webinars: Nihal Adav, Email Marketing Specialist\n * #QSCLV22 Content: Anna Moraleda, Sr. Marketing Events Specialist\n\n* * *", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-10-11T20:00:00", "type": "qualysblog", "title": "October 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 13 Critical, plus 12 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 29 Vulnerabilities with 17 Critical.", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2022-30134", "CVE-2022-3236", "CVE-2022-32894", "CVE-2022-33645", "CVE-2022-34689", "CVE-2022-35405", "CVE-2022-37968", "CVE-2022-37976", "CVE-2022-38048", "CVE-2022-40139", "CVE-2022-40684", "CVE-2022-41033", "CVE-2022-41035", "CVE-2022-41038", "CVE-2022-41040", "CVE-2022-41043", "CVE-2022-41082", "CVE-2022-41352"], "modified": "2022-10-11T20:00:00", "id": "QUALYSBLOG:F062F85432853297A014064EA7A5C183", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 0.0, "vector": "NONE"}}], "zdi": [{"lastseen": "2022-10-14T11:55:54", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DOCX files. Crafted data in a DOCX file can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-14T00:00:00", "type": "zdi", "title": "Microsoft Word DOCX File Parsing Use-After-Free Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-38048"], "modified": "2022-10-14T00:00:00", "id": "ZDI-22-1411", "href": "https://www.zerodayinitiative.com/advisories/ZDI-22-1411/", "cvss": {"score": 0.0, "vector": "NONE"}}], "mskb": [{"lastseen": "2023-01-13T10:49:34", "description": "None\n## Summary\n\nThis security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see [Microsoft Common Vulnerabilities and Exposures CVE-2022-38048](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-38048>).\n\n**Note: **To apply this security update, you must have the release version of Microsoft Office 2016 installed on the computer.\n\nBe aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2016. It doesn't apply to the Office 2016 Click-to-Run editions, such as Microsoft Office 365 Home. (See [What version of Office am I using?](<https://support.office.com/article/About-Office-What-version-of-Office-am-I-using-932788B8-A3CE-44BF-BB09-E334518B8B19>))\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB5002026>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download security update 5002026 for the 32-bit version of Office 2016](<http://www.microsoft.com/download/details.aspx?familyid=ae76574f-1853-4d53-98bb-1fcc83a2649b>)\n * [Download security update 5002026 for the 64-bit version of Office 2016](<http://www.microsoft.com/download/details.aspx?familyid=1a5f8dc8-907a-4cf9-a4c7-80978a82413e>)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Deployments - Security Update Guide](<https://msrc.microsoft.com/update-guide/deployments>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [3115103](<https://support.microsoft.com/kb/3115103>).\n\n### File hash information\n\nFile name| SHA256 hash \n---|--- \nmsodll40ui2016-kb5002026-fullfile-x86-glb.exe| 134F56F26B451B0ECBCC316B140847246060DB295DBE17FC0EC53BACF13C3E53 \nmsodll40ui2016-kb5002026-fullfile-x64-glb.exe| 35151642D208D164B0C018B8BC627D065EB70EAAAA174AD503A5818C1D45AD9D \n \n### File information\n\nThe English (United States) version of this software update installs files that have the attributes that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.\n\n#### \n\n__\n\nFor all supported x86-based versions of Office 2016\n\nFile identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nmso40uires.dll| mso40uires.dll| 16.0.4684.1000| 3203824| 13-Sep-22| 06:01 \nmso40uires.dll.x86| mso40uires.dll| 16.0.4684.1000| 3203824| 13-Sep-22| 05:57 \nmso40uiwin32client.dll.x64| mso40uiwin32client.dll| 16.0.5365.1000| 9361808| 15-Sep-22| 04:45 \nmso40uiwin32client.dll.x86| mso40uiwin32client.dll| 16.0.5365.1000| 7435176| 15-Sep-22| 04:48 \n \n#### \n\n__\n\nFor all supported x64-based versions of Office 2016\n\nFile identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nconversion.office.mso40uires.dll| mso40uires.dll| 16.0.4666.1000| 3203816| | \nmso40uires.dll| mso40uires.dll| 16.0.4666.1000| 3203816| 13-Sep-22| 05:47 \nppt.conversion.mso40uires.dll| mso40uires.dll| 16.0.4666.1000| 3203816| | \nppt.edit.mso40uires.dll| mso40uires.dll| 16.0.4666.1000| 3203816| | \nwac.office.mso40uires.dll| mso40uires.dll| 16.0.4666.1000| 3203816| | \nmso40uires.dll| mso40uires.dll| 16.0.4684.1000| 3203824| 13-Sep-22| 05:47 \nmso40uires.dll.x86| mso40uires.dll| 16.0.4684.1000| 3203824| 13-Sep-22| 05:57 \nmso40uiwin32client.dll.x64| mso40uiwin32client.dll| 16.0.5365.1000| 9361808| 15-Sep-22| 04:45 \nmso40uiwin32client.dll.x86| mso40uiwin32client.dll| 16.0.5365.1000| 7435176| 15-Sep-22| 04:48 \n \n## Information about protection and security\n\nProtect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151>)Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-10-11T07:00:00", "type": "mskb", "title": "Description of the security update for Office 2016: October 11, 2022 (KB5002026)", "bulletinFamily": "microsoft", "cvss2": {}, "cvelist": ["CVE-2022-38048"], "modified": "2022-10-11T07:00:00", "id": "KB5002026", "href": "https://support.microsoft.com/en-us/help/5002026", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-13T10:51:43", "description": "None\n## Summary\n\nThis security update resolves a Microsoft Office remote code execution vulnerability. To learn more about the vulnerability, see [Microsoft Common Vulnerabilities and Exposures CVE-2022-38048](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-38048>).\n\n**Note: **To apply this security update, you must have the release version of Microsoft Office 2016 installed on the computer.\n\nBe aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2016. It doesn't apply to the Office 2016 Click-to-Run editions, such as Microsoft Office 365 Home. (See [What version of Office am I using?](<https://support.office.com/article/About-Office-What-version-of-Office-am-I-using-932788B8-A3CE-44BF-BB09-E334518B8B19>))\n\n## How to get and install the update\n\n### Method 1: Microsoft Update\n\nThis update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see [Windows Update: FAQ](<https://support.microsoft.com/help/12373/windows-update-faq>).\n\n### Method 2: Microsoft Update Catalog\n\nTo get the standalone package for this update, go to the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/Search.aspx?q=KB5002288>) website.\n\n### Method 3: Microsoft Download Center\n\nYou can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.\n\n * [Download security update 5002288 for the 32-bit version of Office 2016](<http://www.microsoft.com/download/details.aspx?familyid=588dcbf5-5171-408d-aa42-69f68c3d7293>)\n * [Download security update 5002288 for the 64-bit version of Office 2016](<http://www.microsoft.com/download/details.aspx?familyid=a8407b0b-df5f-4378-9d52-b907eee42cf0>)\n\n## More information\n\n### Security update deployment information\n\nFor deployment information about this update, see [Deployments - Security Update Guide](<https://msrc.microsoft.com/update-guide/deployments>).\n\n### Security update replacement information\n\nThis security update replaces previously released security update [5002178](<https://support.microsoft.com/kb/5002178>).\n\n### File hash information\n\nFile name| SHA256 hash \n---|--- \nmso2016-kb5002288-fullfile-x86-glb.exe| 97E7896D7817FC39F1EAA6FF13F4094CB96B16BE69FD2B0170610F0C05A0BCD1 \nmso2016-kb5002288-fullfile-x64-glb.exe| 769DC4095AA7C69EC8F7B8F84F238CE34AE20CD1B93836F52F81D39546C68563 \n \n### File information\n\nThe English (United States) version of this software update installs files that have the attributes that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). The dates and times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and times may change when you perform certain operations on the files.\n\n#### \n\n__\n\nFor all supported x86-based versions of Office 2016\n\nFile identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nfirstrun.exe| firstrun.exe| 16.0.5149.1000| 774440| 13-Sep-22| 06:01 \nmsointl.dll.x86.1025| msointl.dll| 16.0.4927.1000| 3287904| 14-Sep-22| 01:51 \nmsointl.dll.x86.1026| msointl.dll| 16.0.4927.1000| 1886048| 14-Sep-22| 01:51 \nmsointl.dll.x86.1027| msointl.dll| 16.0.4927.1000| 1817952| 14-Sep-22| 02:13 \nmsointl.dll.x86.1029| msointl.dll| 16.0.4927.1000| 1928032| 14-Sep-22| 01:51 \nmsointl.dll.x86.1030| msointl.dll| 16.0.4927.1000| 1758040| 14-Sep-22| 01:51 \nmsointl.dll.x86.1031| msointl.dll| 16.0.4927.1000| 1948216| 14-Sep-22| 01:51 \nmsointl.dll.x86.1032| msointl.dll| 16.0.4927.1000| 2057048| 14-Sep-22| 01:51 \nmsointl.dll.x86.3082| msointl.dll| 16.0.4927.1000| 1826360| 14-Sep-22| 01:52 \nmsointl.dll.x86.1061| msointl.dll| 16.0.4927.1000| 1731664| 14-Sep-22| 01:52 \nmsointl.dll.x86.1069| msointl.dll| 16.0.4927.1000| 1740640| 14-Sep-22| 02:13 \nmsointl.dll.x86.1035| msointl.dll| 16.0.4927.1000| 1738504| 14-Sep-22| 01:52 \nmsointl.dll.x86.1036| msointl.dll| 16.0.4927.1000| 1975360| 14-Sep-22| 01:52 \nmsointl.dll.x86.1110| msointl.dll| 16.0.4927.1000| 1774648| 14-Sep-22| 02:13 \nmsointl.dll.x86.1095| msointl.dll| 16.0.4927.1000| 1830688| 14-Sep-22| 02:13 \nmsointl.dll.x86.1037| msointl.dll| 16.0.4927.1000| 2907936| 14-Sep-22| 01:52 \nmsointl.dll.x86.1081| msointl.dll| 16.0.4927.1000| 1952312| 14-Sep-22| 01:52 \nmsointl.dll.x86.1050| msointl.dll| 16.0.4927.1000| 1742088| 14-Sep-22| 01:52 \nmsointl.dll.x86.1038| msointl.dll| 16.0.4927.1000| 1951584| 14-Sep-22| 01:52 \nmsointl.dll.x86.1057| msointl.dll| 16.0.4927.1000| 1621848| 14-Sep-22| 01:52 \nmsointl.dll.x86.1040| msointl.dll| 16.0.4927.1000| 1766240| 14-Sep-22| 01:52 \nmsointl.dll.x86.1041| msointl.dll| 16.0.4927.1000| 2012512| 14-Sep-22| 01:51 \nmsointl.dll.x86.1087| msointl.dll| 16.0.4927.1000| 2103648| 14-Sep-22| 01:52 \nmsointl.dll.x86.1099| msointl.dll| 16.0.4927.1000| 1940320| 14-Sep-22| 02:14 \nmsointl.dll.x86.1042| msointl.dll| 16.0.4927.1000| 2768736| 14-Sep-22| 01:52 \nmsointl.dll.x86.1063| msointl.dll| 16.0.4927.1000| 1845808| 14-Sep-22| 01:52 \nmsointl.dll.x86.1062| msointl.dll| 16.0.4927.1000| 1832016| 14-Sep-22| 01:52 \nmsointl.dll.x86.1086| msointl.dll| 16.0.4927.1000| 1649232| 14-Sep-22| 01:52 \nmsointl.dll.x86.1044| msointl.dll| 16.0.4927.1000| 1721624| 14-Sep-22| 01:52 \nmsointl.dll.x86.1043| msointl.dll| 16.0.4927.1000| 1771264| 14-Sep-22| 01:52 \nmsointl.dll.x86.1045| msointl.dll| 16.0.4927.1000| 1917280| 14-Sep-22| 01:52 \nmsointl.dll.x86.1046| msointl.dll| 16.0.4927.1000| 1829656| 14-Sep-22| 01:52 \nmsointl.dll.x86.2070| msointl.dll| 16.0.4927.1000| 1836312| 14-Sep-22| 01:52 \nmsointl.dll.x86.1048| msointl.dll| 16.0.4927.1000| 1963064| 14-Sep-22| 01:52 \nmsointl.dll.x86.1049| msointl.dll| 16.0.4927.1000| 1904384| 14-Sep-22| 01:52 \nmsointl.dll.x86.1051| msointl.dll| 16.0.4927.1000| 1971552| 14-Sep-22| 01:52 \nmsointl.dll.x86.1060| msointl.dll| 16.0.4927.1000| 1807712| 14-Sep-22| 01:52 \nmsointl.dll.x86.2074| msointl.dll| 16.0.4927.1000| 1765936| 14-Sep-22| 01:52 \nmsointl.dll.x86.9242| msointl.dll| 16.0.4927.1000| 1794912| 14-Sep-22| 01:52 \nmsointl.dll.x86.1053| msointl.dll| 16.0.4927.1000| 1734912| 14-Sep-22| 01:52 \nmsointl.dll.x86.1054| msointl.dll| 16.0.4927.1000| 1827376| 14-Sep-22| 01:52 \nmsointl.dll.x86.1055| msointl.dll| 16.0.4927.1000| 1998680| 14-Sep-22| 01:52 \nmsointl.dll.x86.1058| msointl.dll| 16.0.4927.1000| 1891896| 14-Sep-22| 01:52 \nmsointl.dll.x86.1066| msointl.dll| 16.0.4927.1000| 2005552| 14-Sep-22| 01:52 \nmsointl.dll.x86.2052| msointl.dll| 16.0.4927.1000| 2321704| 14-Sep-22| 01:52 \nmsointl.dll.x86.1028| msointl.dll| 16.0.4927.1000| 2329384| 14-Sep-22| 01:52 \nmsores.dll| msores.dll| 16.0.4795.1000| 81683304| 13-Sep-22| 06:01 \nmsores.dll.x86| msores.dll| 16.0.4795.1000| 81683304| 13-Sep-22| 05:57 \nmso.dll.x86| mso.dll| 16.0.5365.1000| 14426040| 15-Sep-22| 04:53 \nmsointl.dll.x86.1033| msointl.dll| 16.0.4927.1000| 1539640| 13-Sep-22| 05:54 \n \n#### \n\n__\n\nFor all supported x64-based versions of Office 2016\n\nFile identifier| File name| File version| File size| Date| Time \n---|---|---|---|---|--- \nfirstrun.exe| firstrun.exe| 16.0.5149.1000| 816928| 13-Sep-22| 05:55 \nmsointl.dll.x64.1025| msointl.dll| 16.0.5365.1000| 3326904| 15-Sep-22| 05:24 \nmsointl.dll.x64.1026| msointl.dll| 16.0.5365.1000| 1912248| 15-Sep-22| 04:56 \nmsointl.dll.x64.1027| msointl.dll| 16.0.5365.1000| 1844112| 15-Sep-22| 05:15 \nmsointl.dll.x64.1029| msointl.dll| 16.0.5365.1000| 1954232| 15-Sep-22| 05:24 \nmsointl.dll.x64.1030| msointl.dll| 16.0.5365.1000| 1784208| 15-Sep-22| 05:24 \nmsointl.dll.x64.1031| msointl.dll| 16.0.5365.1000| 1974672| 15-Sep-22| 05:23 \nmsointl.dll.x64.1032| msointl.dll| 16.0.5365.1000| 2083728| 15-Sep-22| 05:24 \nmsointl.dll.x64.3082| msointl.dll| 16.0.5365.1000| 1852816| 15-Sep-22| 05:23 \nmsointl.dll.x64.1061| msointl.dll| 16.0.5365.1000| 1757624| 15-Sep-22| 04:56 \nmsointl.dll.x64.1069| msointl.dll| 16.0.5365.1000| 1766800| 15-Sep-22| 05:15 \nmsointl.dll.x64.1035| msointl.dll| 16.0.5365.1000| 1764752| 15-Sep-22| 05:24 \nmsointl.dll.x64.1036| msointl.dll| 16.0.5365.1000| 2001352| 15-Sep-22| 05:23 \nmsointl.dll.x64.1110| msointl.dll| 16.0.5365.1000| 1801128| 15-Sep-22| 05:16 \nmsointl.dll.x64.1095| msointl.dll| 16.0.5365.1000| 1856952| 15-Sep-22| 05:16 \nmsointl.dll.x64.1037| msointl.dll| 16.0.5365.1000| 2946936| 15-Sep-22| 05:24 \nmsointl.dll.x64.1081| msointl.dll| 16.0.5365.1000| 1978808| 15-Sep-22| 05:24 \nmsointl.dll.x64.1050| msointl.dll| 16.0.5365.1000| 1768360| 15-Sep-22| 05:24 \nmsointl.dll.x64.1038| msointl.dll| 16.0.5365.1000| 1977784| 15-Sep-22| 04:56 \nmsointl.dll.x64.1057| msointl.dll| 16.0.5365.1000| 1648056| 15-Sep-22| 04:56 \nmsointl.dll.x64.1040| msointl.dll| 16.0.5365.1000| 1792936| 15-Sep-22| 05:23 \nmsointl.dll.x64.1041| msointl.dll| 16.0.5365.1000| 2038712| 15-Sep-22| 05:23 \nmsointl.dll.x64.1087| msointl.dll| 16.0.5365.1000| 2130360| 15-Sep-22| 05:24 \nmsointl.dll.x64.