Summary
The latest update to the TrustKeeper scan engine that powers our Trustwave Vulnerability Management product (including both internal and external vulnerability scanning) is now available. Enjoy!
New Vulnerability Test Highlights
Some of the more interesting vulnerability tests we added recently are as follows:
CentOS (Credentialed Checks)
Debian (Credentialed Checks)
- Debian chromium Security Update (DSA-5212-1) (CVE-2022-2852, CVE-2022-2853, CVE-2022-2854, CVE-2022-2855, CVE-2022-2856, CVE-2022-2857, CVE-2022-2858, CVE-2022-2859, CVE-2022-2860, CVE-2022-2861)
- Debian chromium Security Update (DSA-5223-1) (CVE-2022-3038, CVE-2022-3039, CVE-2022-3040, CVE-2022-3041, CVE-2022-3042, CVE-2022-3043, CVE-2022-3044, CVE-2022-3045, CVE-2022-3046, CVE-2022-3047, CVE-2022-3048, CVE-2022-3049, CVE-2022-3050, CVE-2022-3051, CVE-2022-3052, CVE-2022-3053, CVE-2022-3054, CVE-2022-3055, CVE-2022-3056, CVE-2022-3057, CVE-2022-3058, CVE-2022-3071)
- Debian chromium Security Update (DSA-5225-1) (CVE-2022-3075)
- Debian curl LTS Security Update (DLA-3085-1) (CVE-2021-22898, CVE-2021-22924, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27776, CVE-2022-27781, CVE-2022-27782, CVE-2022-32206, CVE-2022-32208)
- Debian dpdk LTS Security Update (DLA-3092-1) (CVE-2022-2132)
- Debian dpdk Security Update (DSA-5222-1) (CVE-2022-2132, CVE-2022-28199)
- Debian epiphany-browser Security Update (DSA-5208-1) (CVE-2022-29536)
- Debian exim4 LTS Security Update (DLA-3082-1) (CVE-2022-37452)
- Debian firefox-esr LTS Security Update (DLA-3080-1) (CVE-2022-38472, CVE-2022-38473, CVE-2022-38478)
- Debian firefox-esr Security Update (DSA-5217-1) (CVE-2022-38472, CVE-2022-38473, CVE-2022-38478)
- Debian flac LTS Security Update (DLA-3094-1) (CVE-2021-0561)
- Debian gdk-pixbuf Security Update (DSA-5228-1) (CVE-2021-44648, CVE-2021-46829)
- Debian ghostscript LTS Security Update (DLA-3096-1) (CVE-2020-27792)
- Debian gnutls28 Security Update (DSA-5203-1) (CVE-2022-2509)
- Debian gst-plugins-good1.0 Security Update (DSA-5204-1) (CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122)
- Debian kicad Security Update (DSA-5214-1) (CVE-2022-23803, CVE-2022-23804, CVE-2022-23946, CVE-2022-23947)
- Debian libgoogle-gson-java LTS Security Update (DLA-3100-1) (CVE-2022-25647)
- Debian libgoogle-gson-java Security Update (DSA-5227-1) (CVE-2022-25647)
- Debian libmodbus LTS Security Update (DLA-3098-1) (CVE-2022-0367)
- Debian libxslt LTS Security Update (DLA-3101-1) (CVE-2019-5815, CVE-2021-30560)
- Debian libxslt Security Update (DSA-5216-1) (CVE-2021-30560)
- Debian linux Security Update (DSA-5207-1) (CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-26373, CVE-2022-29900, CVE-2022-29901, CVE-2022-36879, CVE-2022-36946)
- Debian linux-5.10 LTS Security Update (DLA-3102-1) (CVE-2022-2585, CVE-2022-2586, CVE-2022-2588, CVE-2022-26373, CVE-2022-29900, CVE-2022-29901, CVE-2022-36879, CVE-2022-36946)
- Debian maven-shared-utils LTS Security Update (DLA-3086-1) (CVE-2022-29599)
- Debian ndpi LTS Security Update (DLA-3084-1) (CVE-2020-15472, CVE-2020-15476)
- Debian net-snmp LTS Security Update (DLA-3088-1) (CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, CVE-2022-24809, CVE-2022-24810)
- Debian net-snmp Security Update (DSA-5209-1) (CVE-2022-24805, CVE-2022-24806, CVE-2022-24807, CVE-2022-24808, CVE-2022-24809, CVE-2022-24810)
- Debian open-vm-tools LTS Security Update (DLA-3081-1) (CVE-2022-31676)
- Debian open-vm-tools Security Update (DSA-5215-1) (CVE-2022-31676)
- Debian paramiko LTS Security Update (DLA-3104-1) (CVE-2022-24302)
- Debian pcs Security Update (DSA-5226-1) (CVE-2022-1049, CVE-2022-2735)
- Debian php-horde-mime-viewer LTS Security Update (DLA-3089-1) (CVE-2022-26874)
- Debian php-horde-turba LTS Security Update (DLA-3090-1) (CVE-2022-30287)
- Debian poppler Security Update (DSA-5224-1) (CVE-2022-27337, CVE-2022-38784)
- Debian puma LTS Security Update (DLA-3083-1) (CVE-2021-29509, CVE-2021-41136, CVE-2022-23634, CVE-2022-24790)
- Debian qemu LTS Security Update (DLA-3099-1) (CVE-2020-13253, CVE-2020-15469, CVE-2020-15859, CVE-2020-25084, CVE-2020-25085, CVE-2020-25624, CVE-2020-25625, CVE-2020-25723, CVE-2020-27617, CVE-2020-27821, CVE-2020-28916, CVE-2020-29129, CVE-2020-29443, CVE-2020-35504, CVE-2020-35505, CVE-2021-20181, CVE-2021-20196, CVE-2021-20203, CVE-2021-20221, CVE-2021-20257, CVE-2021-3392, CVE-2021-3416, CVE-2021-3507, CVE-2021-3527, CVE-2021-3582, CVE-2021-3607, CVE-2021-3608, CVE-2021-3682, CVE-2021-3713, CVE-2021-3748, CVE-2021-3930, CVE-2021-4206, CVE-2021-4207, CVE-2022-26354, CVE-2022-35414)
- Debian ruby-rack LTS Security Update (DLA-3095-1) (CVE-2022-30122, CVE-2022-30123)
- Debian samba Security Update (DSA-5205-1) (CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746)
- Debian schroot Security Update (DSA-5213-1) (CVE-2022-2787)
- Debian sofia-sip LTS Security Update (DLA-3091-1) (CVE-2022-31001, CVE-2022-31002, CVE-2022-31003)
- Debian thunderbird LTS Security Update (DLA-3097-1) (CVE-2022-38472, CVE-2022-38473, CVE-2022-38478)
- Debian thunderbird Security Update (DSA-5221-1) (CVE-2022-38472, CVE-2022-38473, CVE-2022-38478)
- Debian trafficserver Security Update (DSA-5206-1) (CVE-2021-37150, CVE-2022-25763, CVE-2022-28129, CVE-2022-31778, CVE-2022-31779, CVE-2022-31780)
- Debian unzip Security Update (DSA-5202-1) (CVE-2022-0529, CVE-2022-0530)
- Debian webkit2gtk LTS Security Update (DLA-3087-1) (CVE-2022-32893)
- Debian webkit2gtk Security Update (DSA-5210-1) (CVE-2022-32792, CVE-2022-32816)
- Debian webkit2gtk Security Update (DSA-5219-1) (CVE-2022-32893)
- Debian wpewebkit Security Update (DSA-5211-1) (CVE-2022-32792, CVE-2022-32816)
- Debian wpewebkit Security Update (DSA-5220-1) (CVE-2022-32893)
- Debian zlib LTS Security Update (DLA-3103-1) (CVE-2022-37434)
- Debian zlib Security Update (DSA-5218-1) (CVE-2022-37434)
FILL_ME_IN_MANUALLY
- Pulse Connect Secure targets.cgi Hard-coded Credentials Vulnerability (CVE-2021-44720)
- Splunk Dashboard Information Disclosure Vulnerability (SVD-2022-0802) (CVE-2022-37438)
- Splunk Ingest Actions Improper Certificate Validation Vulnerability (SVD-2022-0801) (CVE-2022-37437)
- Splunk ZIP file Denial of Service Vulnerability (SVD-2022-0803) (CVE-2022-37439)
Fedora (Credentialed Checks)
- Fedora autotrace Security Update (FEDORA-2022-6813a0eb99) (CVE-2022-32323)
- Fedora cloudcompare Security Update (FEDORA-2022-8d01b8b6d3) (CVE-2021-21897)
- Fedora cloudcompare Security Update (FEDORA-2022-9d17930140) (CVE-2021-21897)
- Fedora curl Security Update (FEDORA-2022-5131c26a69) (CVE-2022-35252)
- Fedora exim Security Update (FEDORA-2022-1ca1d22165) (CVE-2022-37451)
- Fedora exim Security Update (FEDORA-2022-f9a8388e62) (CVE-2022-37451)
- Fedora insight Security Update (FEDORA-2022-8e1df11a7a) (CVE-2021-3826)
- Fedora kernel Security Update (FEDORA-2022-35c14ba5bb) (CVE-2022-3028)
- Fedora kernel Security Update (FEDORA-2022-6835ddb6d8) (CVE-2022-3028)
- Fedora libtar Security Update (FEDORA-2022-50e8a1b51d) (CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646)
- Fedora libtar Security Update (FEDORA-2022-fe1a4e3cf0) (CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646)
- Fedora mediawiki Security Update (FEDORA-2022-f83aec6d57) (CVE-2022-34911, CVE-2022-34912)
- Fedora open-vm-tools Security Update (FEDORA-2022-cd23eac6f4) (CVE-2022-31676)
- Fedora pdns-recursor Security Update (FEDORA-2022-d1dcd9b046) (CVE-2022-37428)
- Fedora protobuf-c Security Update (FEDORA-2022-3be472fe11) (CVE-2022-33070)
- Fedora rsync Security Update (FEDORA-2022-15da0cf165) (CVE-2022-29154, CVE-2022-37434)
- Fedora rubygem-puma Security Update (FEDORA-2022-52d0032596) (CVE-2022-23634, CVE-2022-24790)
- Fedora rubygem-puma Security Update (FEDORA-2022-de968d1b6c) (CVE-2022-23634, CVE-2022-24790)
- Fedora subscription-manager-cockpit-4 Security Update (FEDORA-2022-b9ef7c3c3c) (CVE-2022-31129)
- Fedora tcpreplay Security Update (FEDORA-2022-47484afa15) (CVE-2022-27939, CVE-2022-27940, CVE-2022-27941, CVE-2022-27942, CVE-2022-28487, CVE-2022-37047, CVE-2022-37048, CVE-2022-37049)
- Fedora tcpreplay Security Update (FEDORA-2022-680ea95f71) (CVE-2022-27939, CVE-2022-27940, CVE-2022-27941, CVE-2022-27942, CVE-2022-28487, CVE-2022-37047, CVE-2022-37048, CVE-2022-37049)
- Fedora varnish-modules Security Update (FEDORA-2022-99702d9bdd) (CVE-2022-38150)
- Fedora vim Security Update (FEDORA-2022-221bd89404) (CVE-2022-3037)
- Fedora vim Security Update (FEDORA-2022-35d9bdb7dc) (CVE-2022-3037)
- Fedora vim Security Update (FEDORA-2022-3b33d04743) (CVE-2022-2845, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946)
- Fedora webkit2gtk3 Security Update (FEDORA-2022-ddfeee50c9) (CVE-2022-32893)
- Fedora zlib Security Update (FEDORA-2022-b8232d1cca) (CVE-2022-37434)
FreeBSD
- FreeBSD chromium Security Update (f2043ff6-2916-11ed-a1ef-3065ec8fd3ec) (CVE-2022-3038, CVE-2022-3039, CVE-2022-3040, CVE-2022-3041, CVE-2022-3042, CVE-2022-3043, CVE-2022-3044, CVE-2022-3045, CVE-2022-3046, CVE-2022-3047, CVE-2022-3048, CVE-2022-3049, CVE-2022-3050, CVE-2022-3051, CVE-2022-3052, CVE-2022-3053, CVE-2022-3054, CVE-2022-3055, CVE-2022-3056, CVE-2022-3057, CVE-2022-3058)
- FreeBSD chromium Security Update (f38d25ac-2b7a-11ed-a1ef-3065ec8fd3ec) (CVE-2022-3075)
- FreeBSD Gitlab Security Update (e6b994e2-2891-11ed-9be7-454b1dd82c64) (CVE-2022-2428, CVE-2022-2455, CVE-2022-2527, CVE-2022-2533, CVE-2022-2592, CVE-2022-2630, CVE-2022-2865, CVE-2022-2907, CVE-2022-2908, CVE-2022-2931, CVE-2022-2992, CVE-2022-3031)
- FreeBSD go Security Update (6fea7103-2ea4-11ed-b403-3dae8ac60d3e) (CVE-2022-27664, CVE-2022-32190)
- FreeBSD Grafana Security Update (827b95ff-290e-11ed-a2e7-6c3be5272acd) (CVE-2022-31176)
- FreeBSD Matrix clients Security Update (e4d93d07-297a-11ed-95f8-901b0e9408dc) (CVE-2022-36059, CVE-2022-36060)
- FreeBSD powerdns-recursor Security Update (5418b360-29cc-11ed-a6d4-6805ca2fa271) (CVE-2022-37428)
- FreeBSD Python Security Update (80e057e7-2f0a-11ed-978f-fcaa147e860e) (CVE-2020-10735)
Microsoft
- Microsoft Windows September 2022 Security Updates Missing (CVE-2022-23960, CVE-2022-26928, CVE-2022-30170, CVE-2022-30196, CVE-2022-30200, CVE-2022-33647, CVE-2022-33679, CVE-2022-34718, CVE-2022-34719, CVE-2022-34720, CVE-2022-34721, CVE-2022-34722, CVE-2022-34723, CVE-2022-34724, CVE-2022-34725, CVE-2022-34726, CVE-2022-34727, CVE-2022-34728, CVE-2022-34729, CVE-2022-34730, CVE-2022-34731, CVE-2022-34732, CVE-2022-34733, CVE-2022-34734, CVE-2022-35803, CVE-2022-35830, CVE-2022-35831, CVE-2022-35832, CVE-2022-35833, CVE-2022-35834, CVE-2022-35835, CVE-2022-35836, CVE-2022-35837, CVE-2022-35838, CVE-2022-35840, CVE-2022-35841, CVE-2022-37954, CVE-2022-37955, CVE-2022-37956, CVE-2022-37957, CVE-2022-37958, CVE-2022-37959, CVE-2022-37969, CVE-2022-38004, CVE-2022-38005, CVE-2022-38006)
Oracle
PHP
Red Hat (Credentialed Checks)
SUSE Linux (Credentialed Checks)
- SUSE bluez Security Update (SUSE-SU-2022:2948-1) (CVE-2019-8922, CVE-2022-0204)
- SUSE curl Security Update (SUSE-SU-2022:3005-1) (CVE-2022-35252)
- SUSE flatpak Security Update (SUSE-SU-2022:2990-1) (CVE-2021-21261, CVE-2021-21381)
- SUSE gdk-pixbuf Security Update (SUSE-SU-2022:3230-1) (CVE-2021-44648)
- SUSE gpg2 Security Update (SUSE-SU-2022:3144-1) (CVE-2022-34903)
- SUSE gstreamer-plugins-good Security Update (SUSE-SU-2022:2957-1) (CVE-2022-1920, CVE-2022-1921, CVE-2022-1922, CVE-2022-1923, CVE-2022-1924, CVE-2022-1925, CVE-2022-2122)
- SUSE icu Security Update (SUSE-SU-2022:3140-1) (CVE-2020-21913)
- SUSE ImageMagick Security Update (SUSE-SU-2022:3138-1) (CVE-2021-20224)
- SUSE java-1_8_0-ibm Security Update (SUSE-SU-2022:2949-1) (CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-34169)
- SUSE java-1_8_0-ibm Security Update (SUSE-SU-2022:3152-1) (CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-34169)
- SUSE json-c Security Update (SUSE-SU-2022:3001-1) (CVE-2020-12762)
- SUSE libgda Security Update (SUSE-SU-2022:3016-1) (CVE-2021-39359)
- SUSE libnl-1_1 Security Update (SUSE-SU-2022:3207-1) (CVE-2017-0386)
- SUSE libnl3 Security Update (SUSE-SU-2022:3208-1) (CVE-2017-0386)
- SUSE libtirpc Security Update (SUSE-SU-2022:2991-1) (CVE-2021-46828)
- SUSE Manager Client Tools Security Update (SUSE-SU-2022:3178-1) (CVE-2021-20178, CVE-2021-20180, CVE-2021-20191, CVE-2021-20228, CVE-2021-3447, CVE-2021-3583, CVE-2021-3620)
- SUSE mariadb Security Update (SUSE-SU-2022:3225-1) (CVE-2018-25032, CVE-2022-32081, CVE-2022-32083, CVE-2022-32084, CVE-2022-32085, CVE-2022-32086, CVE-2022-32087, CVE-2022-32088, CVE-2022-32089, CVE-2022-32091)
- SUSE MozillaFirefox Security Update (SUSE-SU-2022:2984-1) (CVE-2022-38472, CVE-2022-38473, CVE-2022-38478)
- SUSE MozillaFirefox Security Update (SUSE-SU-2022:3007-1) (CVE-2022-38472, CVE-2022-38473, CVE-2022-38478)
- SUSE MozillaFirefox Security Update (SUSE-SU-2022:3030-1) (CVE-2022-38472, CVE-2022-38473, CVE-2022-38478)
- SUSE open-vm-tools Security Update (SUSE-SU-2022:2935-1) (CVE-2022-31676)
- SUSE open-vm-tools Security Update (SUSE-SU-2022:2985-1) (CVE-2022-31676)
- SUSE open-vm-tools Security Update (SUSE-SU-2022:2986-1) (CVE-2022-31676)
- SUSE openvswitch Security Update (SUSE-SU-2022:3098-1) (CVE-2021-36980)
- SUSE postgresql10 Security Update (SUSE-SU-2022:2946-1) (CVE-2022-2625)
- SUSE postgresql12 Security Update (SUSE-SU-2022:2958-1) (CVE-2021-23214, CVE-2021-23222, CVE-2021-32027, CVE-2021-32028, CVE-2021-32029, CVE-2021-3677, CVE-2022-1552, CVE-2022-2625)
- SUSE postgresql12 Security Update (SUSE-SU-2022:2988-1) (CVE-2022-2625)
- SUSE postgresql12 Security Update (SUSE-SU-2022:3193-1) (CVE-2022-2625)
- SUSE postgresql13 Security Update (SUSE-SU-2022:2987-1) (CVE-2022-2625)
- SUSE postgresql14 Security Update (SUSE-SU-2022:2989-1) (CVE-2022-2625)
- SUSE python-bottle Security Update (SUSE-SU-2022:3103-1) (CVE-2022-31799)
- SUSE python-Flask-Security-Too Security Update (SUSE-SU-2022:3093-1) (CVE-2021-21241)
- SUSE python-pyxdg Security Update (SUSE-SU-2022:2997-1) (CVE-2019-12761)
- SUSE rsync Security Update (SUSE-SU-2022:2959-1) (CVE-2022-29154)
- SUSE ucode-intel Security Update (SUSE-SU-2022:2960-1) (CVE-2022-21233)
- SUSE udisks2 Security Update (SUSE-SU-2022:3160-1) (CVE-2021-3802)
- SUSE vim Security Update (SUSE-SU-2022:3229-1) (CVE-2022-1720, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2231, CVE-2022-2257, CVE-2022-2264, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2571, CVE-2022-2580, CVE-2022-2581, CVE-2022-2598, CVE-2022-2816, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-3016)
- SUSE webkit2gtk3 Security Update (SUSE-SU-2022:3136-1) (CVE-2022-32893)
- SUSE zabbix Security Update (SUSE-SU-2022:3101-1) (CVE-2022-35230)
- SUSE zlib Security Update (SUSE-SU-2022:2947-1) (CVE-2022-37434)
Samba
- Samba Audit Logging Module Use-After-Free Vulnerability (CVE-2022-32746)
- Samba KDC and Kpasswd Service Improper Authentication Vulnerability (CVE-2022-2031)
- Samba Kpasswd Service Authentication Bypass Vulnerability (CVE-2022-32744)
- Samba MaxQueryDuration Uncontrolled Resource Consumption Vulnerability (CVE-2021-3670)
- Samba Server Uninitialized Data Denial of Service Vulnerability (CVE-2022-32745)
- Samba SMB1 Memory Information Leak Vulnerability (CVE-2022-32742)
- Samba SPN Access Control Bypass Vulnerability (CVE-2022-0336)
- Samba Symlink Improper Synchronization Vulnerability (CVE-2021-20316)
Ubuntu (Credentialed Checks)
- Ubuntu LibTIFF vulnerabilities (USN-5523-2) (CVE-2022-0907, CVE-2022-0908, CVE-2022-0909, CVE-2022-0924, CVE-2022-22844)
- Ubuntu Linux kernel (Azure CVM) vulnerabilities (USN-5605-1) (CVE-2021-33061, CVE-2021-33656)
- Ubuntu Linux kernel (HWE) vulnerabilities (USN-5600-1) (CVE-2021-33061, CVE-2021-33656)
- Ubuntu Linux kernel (Oracle) vulnerabilities (USN-5599-1) (CVE-2021-33061, CVE-2022-1012, CVE-2022-1729, CVE-2022-1852, CVE-2022-1943, CVE-2022-1973, CVE-2022-2503, CVE-2022-2873, CVE-2022-2959)
- Ubuntu Linux kernel (Oracle) vulnerability (USN-5598-1) (CVE-2021-33656)
- Ubuntu Linux kernel (Raspberry Pi) vulnerabilities (USN-5602-1) (CVE-2021-33061, CVE-2022-1012, CVE-2022-1729, CVE-2022-1852, CVE-2022-1943, CVE-2022-1973, CVE-2022-2503, CVE-2022-2873, CVE-2022-2959)
- Ubuntu Linux kernel (Raspberry Pi) vulnerabilities (USN-5603-1) (CVE-2021-33061, CVE-2021-33656)
Webmin
How to Update?
All Trustwave customers using the TrustKeeper Scan Engine receive the updates automatically as soon as an update is available. No action is required.