Detections
Analytics

MiracleLinux 8 : webkit2gtk3-2.34.6-1.el8.ML.1 (AXSA:2022-3625:01)

high Nessus Plugin ID 293462

Language:

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3625:01 advisory.

 * webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free (CVE-2022-22620)
 * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30809)
 * webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-30818)
 * webkitgtk: Logic issue leading to HSTS bypass (CVE-2021-30823)
 * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30846)
 * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30848)
 * webkitgtk: Multiple memory corruption issue leading to arbitrary code execution (CVE-2021-30849)
 * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-30851)
 * webkitgtk: Logic issue leading to Content Security Policy bypass (CVE-2021-30887)
 * webkitgtk: Information leak via Content Security Policy reports (CVE-2021-30888)
 * webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2021-30889)
 * webkitgtk: Logic issue leading to universal cross-site scripting (CVE-2021-30890)
 * webkitgtk: Cross-origin data exfiltration via resource timing API (CVE-2021-30897)
 * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30934)
 * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30936)
 * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30951)
 * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30952)
 * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30953)
 * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30954)
 * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2021-30984)
 * webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create (CVE-2021-45481)
 * webkitgtk: use-after-free in WebCore::ContainerNode::firstChild (CVE-2021-45482)
 * webkitgtk: use-after-free in WebCore::Frame::page (CVE-2021-45483)
 * webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript (CVE-2022-22589)
 * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2022-22590)
 * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2022-22592)
 * webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2022-22594)
 * webkitgtk: logic issue was addressed with improved state management (CVE-2022-22637)
 * webkitgtk: Out-of-bounds read leading to memory disclosure (CVE-2021-30836)
 * webkitgtk: CSS compositing issue leading to revealing of the browsing history (CVE-2021-30884)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/14809

Plugin Details

Severity: High

ID: 293462

File Name: miracle_linux_AXSA-2022-3625.nasl

Version: 1.1

Type: local

Published: 1/20/2026

Updated: 1/20/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-30954

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2022-22637

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:webkit2gtk3-devel, p-cpe:/a:miracle:linux:webkit2gtk3-jsc, cpe:/o:miracle:linux:8, p-cpe:/a:miracle:linux:webkit2gtk3, p-cpe:/a:miracle:linux:webkit2gtk3-jsc-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/29/2022

Vulnerability Publication Date: 8/24/2021

CISA Known Exploited Vulnerability Due Dates: 2/25/2022

Reference Information

CVE: CVE-2021-30809, CVE-2021-30818, CVE-2021-30823, CVE-2021-30836, CVE-2021-30846, CVE-2021-30848, CVE-2021-30849, CVE-2021-30851, CVE-2021-30884, CVE-2021-30887, CVE-2021-30888, CVE-2021-30889, CVE-2021-30890, CVE-2021-30897, CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952, CVE-2021-30953, CVE-2021-30954, CVE-2021-30984, CVE-2021-45481, CVE-2021-45482, CVE-2021-45483, CVE-2022-22589, CVE-2022-22590, CVE-2022-22592, CVE-2022-22594, CVE-2022-22620, CVE-2022-22637