Details of VAR-202210-1526

ID

VAR-202210-1526

CVE

CVE-2022-42799

TITLE

Apple macOS Big Sur and macOS Monterey Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202210-1660

DESCRIPTION

The issue was addressed with improved UI handling. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, Safari 16.1, iOS 16.1 and iPadOS 16. Visiting a malicious website may lead to user interface spoofing. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: webkit2gtk3 security and bug fix update Advisory ID: RHSA-2023:2256-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2023:2256 Issue date: 2023-05-09 CVE Names: CVE-2022-32886 CVE-2022-32888 CVE-2022-32923 CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 CVE-2022-42826 CVE-2022-42852 CVE-2022-42863 CVE-2022-42867 CVE-2022-46691 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700 CVE-2023-23517 CVE-2023-23518 CVE-2023-25358 CVE-2023-25360 CVE-2023-25361 CVE-2023-25362 CVE-2023-25363 ==================================================================== 1. Summary: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64 3. Description: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. 9): Source: webkit2gtk3-2.38.5-1.el9.src.rpm aarch64: webkit2gtk3-2.38.5-1.el9.aarch64.rpm webkit2gtk3-debuginfo-2.38.5-1.el9.aarch64.rpm webkit2gtk3-debugsource-2.38.5-1.el9.aarch64.rpm webkit2gtk3-devel-2.38.5-1.el9.aarch64.rpm webkit2gtk3-devel-debuginfo-2.38.5-1.el9.aarch64.rpm webkit2gtk3-jsc-2.38.5-1.el9.aarch64.rpm webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.aarch64.rpm webkit2gtk3-jsc-devel-2.38.5-1.el9.aarch64.rpm webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.aarch64.rpm ppc64le: webkit2gtk3-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-debuginfo-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-debugsource-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-devel-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-devel-debuginfo-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-jsc-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-jsc-devel-2.38.5-1.el9.ppc64le.rpm webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.ppc64le.rpm s390x: webkit2gtk3-2.38.5-1.el9.s390x.rpm webkit2gtk3-debuginfo-2.38.5-1.el9.s390x.rpm webkit2gtk3-debugsource-2.38.5-1.el9.s390x.rpm webkit2gtk3-devel-2.38.5-1.el9.s390x.rpm webkit2gtk3-devel-debuginfo-2.38.5-1.el9.s390x.rpm webkit2gtk3-jsc-2.38.5-1.el9.s390x.rpm webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.s390x.rpm webkit2gtk3-jsc-devel-2.38.5-1.el9.s390x.rpm webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.s390x.rpm x86_64: webkit2gtk3-2.38.5-1.el9.i686.rpm webkit2gtk3-2.38.5-1.el9.x86_64.rpm webkit2gtk3-debuginfo-2.38.5-1.el9.i686.rpm webkit2gtk3-debuginfo-2.38.5-1.el9.x86_64.rpm webkit2gtk3-debugsource-2.38.5-1.el9.i686.rpm webkit2gtk3-debugsource-2.38.5-1.el9.x86_64.rpm webkit2gtk3-devel-2.38.5-1.el9.i686.rpm webkit2gtk3-devel-2.38.5-1.el9.x86_64.rpm webkit2gtk3-devel-debuginfo-2.38.5-1.el9.i686.rpm webkit2gtk3-devel-debuginfo-2.38.5-1.el9.x86_64.rpm webkit2gtk3-jsc-2.38.5-1.el9.i686.rpm webkit2gtk3-jsc-2.38.5-1.el9.x86_64.rpm webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.i686.rpm webkit2gtk3-jsc-debuginfo-2.38.5-1.el9.x86_64.rpm webkit2gtk3-jsc-devel-2.38.5-1.el9.i686.rpm webkit2gtk3-jsc-devel-2.38.5-1.el9.x86_64.rpm webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.i686.rpm webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-32886 https://access.redhat.com/security/cve/CVE-2022-32888 https://access.redhat.com/security/cve/CVE-2022-32923 https://access.redhat.com/security/cve/CVE-2022-42799 https://access.redhat.com/security/cve/CVE-2022-42823 https://access.redhat.com/security/cve/CVE-2022-42824 https://access.redhat.com/security/cve/CVE-2022-42826 https://access.redhat.com/security/cve/CVE-2022-42852 https://access.redhat.com/security/cve/CVE-2022-42863 https://access.redhat.com/security/cve/CVE-2022-42867 https://access.redhat.com/security/cve/CVE-2022-46691 https://access.redhat.com/security/cve/CVE-2022-46692 https://access.redhat.com/security/cve/CVE-2022-46698 https://access.redhat.com/security/cve/CVE-2022-46699 https://access.redhat.com/security/cve/CVE-2022-46700 https://access.redhat.com/security/cve/CVE-2023-23517 https://access.redhat.com/security/cve/CVE-2023-23518 https://access.redhat.com/security/cve/CVE-2023-25358 https://access.redhat.com/security/cve/CVE-2023-25360 https://access.redhat.com/security/cve/CVE-2023-25361 https://access.redhat.com/security/cve/CVE-2023-25362 https://access.redhat.com/security/cve/CVE-2023-25363 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-10-24-1 iOS 16.1 and iPadOS 16 iOS 16.1 and iPadOS 16 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213489. AppleMobileFileIntegrity Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to modify protected parts of the file system Description: This issue was addressed by removing additional entitlements. CVE-2022-42825: Mickey Jin (@patch1t) AVEVideoEncoder Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved bounds checks. CVE-2022-32940: ABC Research s.r.o. CFNetwork Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A certificate validation issue existed in the handling of WKWebView. CVE-2022-42813: Jonathan Zhang of Open Computing Facility (ocf.berkeley.edu) Core Bluetooth Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to record audio using a pair of connected AirPods Description: This issue was addressed with improved entitlements. CVE-2022-32946: Guilherme Rambo of Best Buddy Apps (rambo.codes) GPU Drivers Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32947: Asahi Lina (@LinaAsahi) IOHIDFamily Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may cause unexpected app termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs IOKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42806: Tingting Yin of Tsinghua University Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32924: Ian Beer of Google Project Zero Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A remote user may be able to cause kernel code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-42808: Zweig of Kunlun Lab Kernel Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-42827: an anonymous researcher ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-42829: an anonymous researcher ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-42830: an anonymous researcher ppp Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app with root privileges may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-42831: an anonymous researcher CVE-2022-42832: an anonymous researcher Sandbox Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake Shortcuts Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: A shortcut may be able to check the existence of an arbitrary path on the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of Computer Science of. Romania WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Visiting a malicious website may lead to user interface spoofing Description: The issue was addressed with improved UI handling. WebKit Bugzilla: 243693 CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun) WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. WebKit Bugzilla: 244622 CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs WebKit Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 245058 CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University, Dohyun Lee (@l33d0hyun) of DNSLab at Korea University WebKit PDF Available for: iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, iPad mini 5th generation and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 242781 CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend Micro Zero Day Initiative Additional recognition iCloud We would like to acknowledge Tim Michaud (@TimGMichaud) of Moveworks.ai for their assistance. Kernel We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud (@TimGMichaud) of Moveworks.ai, Tommy Muir (@Muirey03) for their assistance. WebKit We would like to acknowledge Maddie Stone of Google Project Zero, Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an anonymous researcher for their assistance. All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIyBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNW0WIACgkQ4RjMIDke NxmuNw/4m3JXuBK+obHVvyb4tGoeHKNZtJi/tHr0gDMtDjr5pIlXdl2wX99eLzoG D2Dj4YtMnUhqEgQVKVcnzxQuhmdHK21TmqgWi+kHNyg0plKX0mj+1222/qjtZOdf FgCHKsR0LVLDpgjthvA9WYqwbfOMmXvSS4sEHaeSIdo+8R68GcV9yJQ98hWsxqeh YPzZ8RqtkuzeeYVD8jaxVW6l7lQ37puQ3romivRe46Wi36nkYG6wifggWMSKmeNZ 9CVs/3GT294l9GnjuIHaM2WfnHzYSEQY/eqP34SQ96UPClpJF2afBCRd3eOl8ov1 hgyhjtfJCqqfb9uzXj0ciFrLFdn8xLxsY7L+RSOwtLz0zSTfwAkAEDnL7i5EBkwn 7a2l/r6bb/W7IOC67fQWZi33SkpGPJF51oT3PLOh1RyeRFE+NYd4hMMAIo8Bg4eZ 45aAh2L7ak1T6V4PnUuG+o51oQKKRH1b/MTamVyFWffT2uX8w+hrdDVifd/K/jmD auFkibGQBmO/VWe6f5lKsDQeq5RIax6OBs8LkZQ3EMIHi9De4s5WIlPakm4qYCLW QXQKlEi8p3BI4d5kckcXjdtwRp8QiJLinq9rZFzq5U5nQ2Z4KucHrMO0h5Frqisa KsmkMjSKuPPT5GTap9Z5BVJVSOADx0hTExUE1cGBESCtnmaXrw== =3Dgs -----END PGP SIGNATURE----- . Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Safari 16.1 may be obtained from the Mac App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5273-1 security@debian.org https://www.debian.org/security/ Alberto Garcia November 08, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : webkit2gtk CVE ID : CVE-2022-42799 CVE-2022-42823 CVE-2022-42824 The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-42799 Jihwan Kim and Dohyun Lee discovered that visiting a malicious website may lead to user interface spoofing. For the stable distribution (bullseye), these problems have been fixed in version 2.38.2-1~deb11u1. We recommend that you upgrade your webkit2gtk packages

Trust: 1.71

sources: NVD: CVE-2022-42799 // VULHUB: VHN-439580 // PACKETSTORM: 172241 // PACKETSTORM: 169586 // PACKETSTORM: 169555 // PACKETSTORM: 169550 // PACKETSTORM: 169595 // PACKETSTORM: 169607 // PACKETSTORM: 169795 // PACKETSTORM: 169794

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lt	version:	16.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	9.1	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	16.1	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	16.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	13.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	16.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	36	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	37	Trust: 1.0

sources: NVD: CVE-2022-42799

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-42799
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202210-1660
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-42799
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202210-1660 // NVD: CVE-2022-42799

PROBLEMTYPE DATA

problemtype:

CWE-1021

Trust: 1.0

sources: NVD: CVE-2022-42799

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202210-1660

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202210-1660

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-439580

PATCH

title:

Apple macOS Big Sur and macOS Monterey Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=212488

Trust: 0.6

sources: CNNVD: CNNVD-202210-1660

EXTERNAL IDS

db:	NVD	id:	CVE-2022-42799	Trust: 2.5
db:	OPENWALL	id:	OSS-SECURITY/2022/11/04/4	Trust: 1.7
db:	PACKETSTORM	id:	169607	Trust: 0.7
db:	PACKETSTORM	id:	169795	Trust: 0.7
db:	AUSCERT	id:	ESB-2022.6029	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.6137	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5305.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.6248	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5789	Trust: 0.6
db:	CNNVD	id:	CNNVD-202210-1660	Trust: 0.6
db:	PACKETSTORM	id:	169550	Trust: 0.2
db:	VULHUB	id:	VHN-439580	Trust: 0.1
db:	PACKETSTORM	id:	172241	Trust: 0.1
db:	PACKETSTORM	id:	169586	Trust: 0.1
db:	PACKETSTORM	id:	169555	Trust: 0.1
db:	PACKETSTORM	id:	169595	Trust: 0.1
db:	PACKETSTORM	id:	169794	Trust: 0.1

sources: VULHUB: VHN-439580 // PACKETSTORM: 172241 // PACKETSTORM: 169586 // PACKETSTORM: 169555 // PACKETSTORM: 169550 // PACKETSTORM: 169595 // PACKETSTORM: 169607 // PACKETSTORM: 169795 // PACKETSTORM: 169794 // CNNVD: CNNVD-202210-1660 // NVD: CVE-2022-42799

REFERENCES

url:	https://support.apple.com/en-us/ht213495	Trust: 2.3
url:	https://www.debian.org/security/2022/dsa-5273	Trust: 1.7
url:	https://www.debian.org/security/2022/dsa-5274	Trust: 1.7
url:	https://support.apple.com/en-us/ht213488	Trust: 1.7
url:	https://support.apple.com/en-us/ht213489	Trust: 1.7
url:	https://support.apple.com/en-us/ht213491	Trust: 1.7
url:	https://support.apple.com/en-us/ht213492	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2022/11/msg00010.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2022/11/04/4	Trust: 1.7
url:	https://security.gentoo.org/glsa/202305-32	Trust: 1.6
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5lf4lyp725xz7rwopfuv6dgpn4q5duu4/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/aqklegjk3lhakuqolbhnr2di3iugllty/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jofkx6buejfecsvfv6p5inqcoyqbb4nz/	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42799	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5lf4lyp725xz7rwopfuv6dgpn4q5duu4/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/aqklegjk3lhakuqolbhnr2di3iugllty/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jofkx6buejfecsvfv6p5inqcoyqbb4nz/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42823	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42824	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-42799/	Trust: 0.6
url:	https://packetstormsecurity.com/files/169795/debian-security-advisory-5274-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/169607/apple-security-advisory-2022-10-27-15.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5305.2	Trust: 0.6
url:	https://vigilance.fr/vulnerability/webkitgtk-wpe-webkit-five-vulnerabilities-39866	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-39701	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.6137	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.6248	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.6029	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5789	Trust: 0.6
url:	https://support.apple.com/en-us/ht201222.	Trust: 0.5
url:	https://www.apple.com/support/security/pgp/	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32923	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42808	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32924	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32940	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42811	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42813	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42798	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32926	Trust: 0.2
url:	https://support.apple.com/ht213492.	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42801	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42803	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32944	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32922	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32947	Trust: 0.2
url:	https://www.debian.org/security/faq	Trust: 0.2
url:	https://www.debian.org/security/	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2023-23517	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-46691	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2023-23518	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-46692	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2023-25358	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2023:2256	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2023-25362	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2023-25361	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42863	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-46699	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-42824	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32886	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2023-25360	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-46698	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index	Trust: 0.1
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42852	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2023-25363	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-42867	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-42863	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32888	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-32886	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-46691	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-46692	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42867	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-46698	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-32888	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-42852	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-42799	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-42823	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-46700	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-32923	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42826	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-42826	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-46699	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42810	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42825	Trust: 0.1
url:	https://support.apple.com/ht213489.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42806	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32938	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32946	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42820	Trust: 0.1
url:	https://support.apple.com/kb/ht204641	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-37434	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-32932	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-42800	Trust: 0.1
url:	https://support.apple.com/ht213491.	Trust: 0.1
url:	https://support.apple.com/ht213495.	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/wpewebkit	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/webkit2gtk	Trust: 0.1

CREDITS

Apple

Trust: 0.5

sources: PACKETSTORM: 169586 // PACKETSTORM: 169555 // PACKETSTORM: 169550 // PACKETSTORM: 169595 // PACKETSTORM: 169607

SOURCES

db:	VULHUB	id:	VHN-439580
db:	PACKETSTORM	id:	172241
db:	PACKETSTORM	id:	169586
db:	PACKETSTORM	id:	169555
db:	PACKETSTORM	id:	169550
db:	PACKETSTORM	id:	169595
db:	PACKETSTORM	id:	169607
db:	PACKETSTORM	id:	169795
db:	PACKETSTORM	id:	169794
db:	CNNVD	id:	CNNVD-202210-1660
db:	NVD	id:	CVE-2022-42799

LAST UPDATE DATE

2024-10-18T22:09:42.404000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-439580	date:	2022-12-08T00:00:00
db:	CNNVD	id:	CNNVD-202210-1660	date:	2023-05-31T00:00:00
db:	NVD	id:	CVE-2022-42799	date:	2023-11-07T03:53:35.223

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-439580	date:	2022-11-01T00:00:00
db:	PACKETSTORM	id:	172241	date:	2023-05-09T15:24:16
db:	PACKETSTORM	id:	169586	date:	2022-10-31T14:50:41
db:	PACKETSTORM	id:	169555	date:	2022-10-31T14:20:08
db:	PACKETSTORM	id:	169550	date:	2022-10-31T14:18:24
db:	PACKETSTORM	id:	169595	date:	2022-10-31T14:53:38
db:	PACKETSTORM	id:	169607	date:	2022-10-31T15:10:32
db:	PACKETSTORM	id:	169795	date:	2022-11-09T13:39:14
db:	PACKETSTORM	id:	169794	date:	2022-11-09T13:38:05
db:	CNNVD	id:	CNNVD-202210-1660	date:	2022-10-24T00:00:00
db:	NVD	id:	CVE-2022-42799	date:	2022-11-01T20:15:22.907