A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8054 advisory.

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS     Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web     content may lead to arbitrary code execution. (CVE-2022-22624)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS     Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously     crafted web content may lead to arbitrary code execution. (CVE-2022-22628)

  - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey     12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)

  - A cookie management issue was addressed with improved state management. This issue is fixed in Security     Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose     sensitive user information. (CVE-2022-22662)

  - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,     watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted     web content may lead to code execution. (CVE-2022-26700)

  - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,     iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted     web content may lead to arbitrary code execution. (CVE-2022-26709)

  - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and     iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may     lead to arbitrary code execution. (CVE-2022-26710)

  - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,     iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted     web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)

  - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,     watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)

  - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in     WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
    (CVE-2022-30293)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8054 advisory.

  - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,     iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted     web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)

  - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,     watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)

  - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey     12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)

  - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in     WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
    (CVE-2022-30293)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS     Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously     crafted web content may lead to arbitrary code execution. (CVE-2022-22628)

  - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,     watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted     web content may lead to code execution. (CVE-2022-26700)

  - A cookie management issue was addressed with improved state management. This issue is fixed in Security     Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose     sensitive user information. (CVE-2022-22662)

  - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and     iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may     lead to arbitrary code execution. (CVE-2022-26710)

  - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,     iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted     web content may lead to arbitrary code execution. (CVE-2022-26709)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS     Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web     content may lead to arbitrary code execution. (CVE-2022-22624)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8054 advisory.

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS     Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web     content may lead to arbitrary code execution. (CVE-2022-22624)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS     Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously     crafted web content may lead to arbitrary code execution. (CVE-2022-22628)

  - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey     12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)

  - A cookie management issue was addressed with improved state management. This issue is fixed in Security     Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose     sensitive user information. (CVE-2022-22662)

  - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,     watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted     web content may lead to code execution. (CVE-2022-26700)

  - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,     iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted     web content may lead to arbitrary code execution. (CVE-2022-26709)

  - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and     iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may     lead to arbitrary code execution. (CVE-2022-26710)

  - A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5,     iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted     web content may lead to arbitrary code execution. (CVE-2022-26716, CVE-2022-26719)

  - A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5,     watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-26717)

  - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in     WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
    (CVE-2022-30293)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7704 advisory.

  - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in     WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
    (CVE-2022-30293)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS     Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web     content may lead to arbitrary code execution. (CVE-2022-22624)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS     Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously     crafted web content may lead to arbitrary code execution. (CVE-2022-22628)

  - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey     12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)

  - A cookie management issue was addressed with improved state management. This issue is fixed in Security     Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose     sensitive user information. (CVE-2022-22662)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8054 advisory.

    WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

    Security Fix(es):

    * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)

    * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)

    * webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)

    * webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)

    * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)

    * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)

    * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)

    * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)

    * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)

    * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)

    * webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary     code execution (CVE-2022-30293)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7704 advisory.

    glib2     [2.56.4-159.0.1]
    - Rebuild with python 36 [Orabug: 34701176]

    [2.56.4-159]
    - Add --interface-info-[body|header] modes to gdbus-codegen
    - Related: #2061994

    webkit2gtk3

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7704 advisory.

    WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

    GLib provides the core application building blocks for libraries and applications written in C. It     provides the core object system used in GNOME, the main loop implementation, and a large set of utility     functions for strings and common data structures.

    Security Fix(es):

    * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)

    * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)

    * webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)

    * webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)

    * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)

    * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)

    * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)

    * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)

    * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)

    * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)

    * webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary     code execution (CVE-2022-30293)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7704 advisory.

  - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624, CVE-2022-22628,     CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)

  - webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)

  - webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)

  - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700, CVE-2022-26716,     CVE-2022-26719)

  - webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code     execution (CVE-2022-30293)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202208-39 (WebKitGTK+: Multiple Vulnerabilities)

  - A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and     iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted     mail message may lead to running arbitrary javascript. (CVE-2022-22589)

  - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and     iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web     content may lead to arbitrary code execution. (CVE-2022-22590)

  - A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS     15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content     may prevent Content Security Policy from being enforced. (CVE-2022-22592)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS     Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8).
    Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a     report that this issue may have been actively exploited.. (CVE-2022-22620)

  - A cookie management issue was addressed with improved state management. This issue is fixed in Security     Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose     sensitive user information. (CVE-2022-22662)

  - Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to     potentially exploit heap corruption via a crafted HTML page. (CVE-2022-2294)

  - In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in     WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp.
    (CVE-2022-30293)

  - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-30293. Reason: This candidate is a     duplicate of CVE-2022-30293. Notes: All CVE users should reference CVE-2022-30293 instead of this     candidate. All references and descriptions in this candidate have been removed to prevent accidental     usage. (CVE-2022-30294)

  - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS     15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content     may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively     exploited. (CVE-2022-32893)

  - A use after free issue was addressed with improved memory management. (CVE-2022-22624, CVE-2022-22628,     CVE-2022-26709, CVE-2022-26710, CVE-2022-26717)

  - A buffer overflow issue was addressed with improved memory handling. (CVE-2022-22629)

  - A logic issue in the handling of concurrent media was addressed with improved state handling.
    (CVE-2022-22677)

  - A memory corruption issue was addressed with improved state management. (CVE-2022-26700, CVE-2022-26716,     CVE-2022-26719)

  - The issue was addressed with improved UI handling. (CVE-2022-32784)

  - An out-of-bounds write issue was addressed with improved input validation. (CVE-2022-32792)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1677-1 advisory.

  - A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed     in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be     able to track sensitive user information. (CVE-2022-22594)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS     Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web     content may lead to arbitrary code execution. (CVE-2022-22624)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS     Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously     crafted web content may lead to arbitrary code execution. (CVE-2022-22628)

  - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey     12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)

  - A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3,     Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected     cross-origin behavior. (CVE-2022-22637)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1511-1 advisory.

  - A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed     in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be     able to track sensitive user information. (CVE-2022-22594)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS     Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web     content may lead to arbitrary code execution. (CVE-2022-22624)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS     Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously     crafted web content may lead to arbitrary code execution. (CVE-2022-22628)

  - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey     12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)

  - A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3,     Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected     cross-origin behavior. (CVE-2022-22637)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5394-1 advisory.

    A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user     were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related     to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary     code execution.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1431-1 advisory.

  - A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed     in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be     able to track sensitive user information. (CVE-2022-22594)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS     Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web     content may lead to arbitrary code execution. (CVE-2022-22624)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS     Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously     crafted web content may lead to arbitrary code execution. (CVE-2022-22628)

  - A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey     12.3, Safari 15.4, watchOS 8.5, iTunes 12.12.3 for Windows, iOS 15.4 and iPadOS 15.4, tvOS 15.4.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-22629)

  - A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3,     Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. A malicious website may cause unexpected     cross-origin behavior. (CVE-2022-22637)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is running a version of macOS / Mac OS X that is 12.x prior to 12.3 Monterey. It is, therefore, affected by multiple vulnerabilities, including the following:
  - A use after free issue was addressed with improved memory management. Successful exploitation could   result in arbitrary code execution with kernel privileges (CVE-2022-22614). 

  - A logic issue was addressed with improved state management. Successful exploitation could result in   privilege escalation (CVE-2022-22632).

  - A null pointer dereference was addressed with improved validation. Successful exploitation could   result in a denial of service condition. (CVE-2022-22638).

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

The version of Apple iOS running on the mobile device is prior to 15.4. It is, therefore, affected by multiple vulnerabilities.

The version of Apple iTunes installed on the remote Windows host is prior to 12.12.3. It is, therefore, affected by multiple vulnerabilities as referenced in the HT213188 advisory.

  - Processing a maliciously crafted image may lead to arbitrary code execution (CVE-2022-22611)

  - Processing a maliciously crafted image may lead to heap corruption (CVE-2022-22612)

  - Processing maliciously crafted web content may disclose sensitive user information (CVE-2022-22662)

  - Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-22629)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
185026	Rocky Linux 9 : webkit2gtk3 (RLSA-2022:8054)	Nessus	Rocky Linux Local Security Checks	high
168097	Oracle Linux 9 : webkit2gtk3 (ELSA-2022-8054)	Nessus	Oracle Linux Local Security Checks	high
168001	AlmaLinux 9 : webkit2gtk3 (ALSA-2022:8054)	Nessus	Alma Linux Local Security Checks	high
167812	Rocky Linux 8 : webkit2gtk3 (RLSA-2022:7704)	Nessus	Rocky Linux Local Security Checks	high
167607	RHEL 9 : webkit2gtk3 (RHSA-2022:8054)	Nessus	Red Hat Local Security Checks	high
167533	Oracle Linux 8 : webkit2gtk3 (ELSA-2022-7704)	Nessus	Oracle Linux Local Security Checks	high
167169	RHEL 8 : webkit2gtk3 (RHSA-2022:7704)	Nessus	Red Hat Local Security Checks	high
167122	CentOS 8 : webkit2gtk3 (CESA-2022:7704)	Nessus	CentOS Local Security Checks	high
164535	GLSA-202208-39 : WebKitGTK+: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
161238	SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2022:1677-1)	Nessus	SuSE Local Security Checks	high
160490	SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:1511-1)	Nessus	SuSE Local Security Checks	high
160307	Ubuntu 20.04 LTS : WebKitGTK vulnerabilities (USN-5394-1)	Nessus	Ubuntu Local Security Checks	high
160279	SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2022:1431-1)	Nessus	SuSE Local Security Checks	high
159106	macOS 12.x < 12.3 (HT213183)	Nessus	MacOS X Local Security Checks	critical
158972	Apple iOS < 15.4 Multiple Vulnerabilities (HT213182)	Nessus	Mobile Devices	critical
158931	Apple iTunes < 12.12.3 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
158930	Apple iTunes < 12.12.3 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high

Detections

Analytics

CVE-2022-22629

high

Tenable Plugins

high

high

high

high

high

high

high

high

critical

high

high

high

high

critical

critical

high

high