{ "Definition": [ { "ID": "oval:org.altlinux.errata:def:20212988", "Version": "oval:org.altlinux.errata:def:20212988", "Class": "patch", "Metadata": { "Title": "ALT-PU-2021-2988: package `chromium` update to version 94.0.4606.71-alt1", "AffectedList": [ { "Family": "unix", "Platforms": [ "ALT Linux branch c10f1" ], "Products": [ "ALT SP Workstation", "ALT SP Server" ] } ], "References": [ { "RefID": "ALT-PU-2021-2988", "RefURL": "https://errata.altlinux.org/ALT-PU-2021-2988", "Source": "ALTPU" }, { "RefID": "BDU:2021-05507", "RefURL": "https://bdu.fstec.ru/vul/2021-05507", "Source": "BDU" }, { "RefID": "BDU:2021-06193", "RefURL": "https://bdu.fstec.ru/vul/2021-06193", "Source": "BDU" }, { "RefID": "BDU:2021-06421", "RefURL": "https://bdu.fstec.ru/vul/2021-06421", "Source": "BDU" }, { "RefID": "BDU:2021-06424", "RefURL": "https://bdu.fstec.ru/vul/2021-06424", "Source": "BDU" }, { "RefID": "BDU:2021-06431", "RefURL": "https://bdu.fstec.ru/vul/2021-06431", "Source": "BDU" }, { "RefID": "BDU:2022-00050", "RefURL": "https://bdu.fstec.ru/vul/2022-00050", "Source": "BDU" }, { "RefID": "BDU:2022-00051", "RefURL": "https://bdu.fstec.ru/vul/2022-00051", "Source": "BDU" }, { "RefID": "BDU:2022-00052", "RefURL": "https://bdu.fstec.ru/vul/2022-00052", "Source": "BDU" }, { "RefID": "BDU:2022-00053", "RefURL": "https://bdu.fstec.ru/vul/2022-00053", "Source": "BDU" }, { "RefID": "BDU:2022-00054", "RefURL": "https://bdu.fstec.ru/vul/2022-00054", "Source": "BDU" }, { "RefID": "BDU:2022-00056", "RefURL": "https://bdu.fstec.ru/vul/2022-00056", "Source": "BDU" }, { "RefID": "BDU:2022-00059", "RefURL": "https://bdu.fstec.ru/vul/2022-00059", "Source": "BDU" }, { "RefID": "BDU:2022-00060", "RefURL": "https://bdu.fstec.ru/vul/2022-00060", "Source": "BDU" }, { "RefID": "BDU:2022-00074", "RefURL": "https://bdu.fstec.ru/vul/2022-00074", "Source": "BDU" }, { "RefID": "BDU:2022-00075", "RefURL": "https://bdu.fstec.ru/vul/2022-00075", "Source": "BDU" }, { "RefID": "BDU:2022-00076", "RefURL": "https://bdu.fstec.ru/vul/2022-00076", "Source": "BDU" }, { "RefID": "BDU:2022-00077", "RefURL": "https://bdu.fstec.ru/vul/2022-00077", "Source": "BDU" }, { "RefID": "CVE-2021-37956", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37956", "Source": "CVE" }, { "RefID": "CVE-2021-37957", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37957", "Source": "CVE" }, { "RefID": "CVE-2021-37958", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37958", "Source": "CVE" }, { "RefID": "CVE-2021-37959", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37959", "Source": "CVE" }, { "RefID": "CVE-2021-37960", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37960", "Source": "CVE" }, { "RefID": "CVE-2021-37961", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37961", "Source": "CVE" }, { "RefID": "CVE-2021-37962", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37962", "Source": "CVE" }, { "RefID": "CVE-2021-37963", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37963", "Source": "CVE" }, { "RefID": "CVE-2021-37964", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37964", "Source": "CVE" }, { "RefID": "CVE-2021-37965", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37965", "Source": "CVE" }, { "RefID": "CVE-2021-37966", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37966", "Source": "CVE" }, { "RefID": "CVE-2021-37967", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37967", "Source": "CVE" }, { "RefID": "CVE-2021-37968", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37968", "Source": "CVE" }, { "RefID": "CVE-2021-37969", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37969", "Source": "CVE" }, { "RefID": "CVE-2021-37970", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37970", "Source": "CVE" }, { "RefID": "CVE-2021-37971", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37971", "Source": "CVE" }, { "RefID": "CVE-2021-37972", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37972", "Source": "CVE" }, { "RefID": "CVE-2021-37973", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37973", "Source": "CVE" }, { "RefID": "CVE-2021-37974", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37974", "Source": "CVE" }, { "RefID": "CVE-2021-37975", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37975", "Source": "CVE" }, { "RefID": "CVE-2021-37976", "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-37976", "Source": "CVE" } ], "Description": "This update upgrades chromium to version 94.0.4606.71-alt1. \nSecurity Fix(es):\n\n * BDU:2021-05507: Уязвимость компонента Portals браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выйти из изолированной программной среды\n\n * BDU:2021-06193: Уязвимость кодека libjpeg-turbo, связанная с чтением за границами буфера, позволяющая нарушителю получить доступ к конфиденциальной информации или вызвать отказ в обслуживании\n\n * BDU:2021-06421: Уязвимость автономного режима браузера Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю выполнить код в контексте привилегированного процесса\n\n * BDU:2021-06424: Уязвимость программного интерфейса Background Fetch API браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2021-06431: Уязвимость интерфейса File System API браузера Google Chrome , связанная с использованием памяти после её освобождения, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2022-00050: Уязвимость приложение для загрузки программ Google Updater браузера Google Chrome, операционной системы Windows , связанная с небезопасным управлением привилегиями, позволяющая нарушителю повысить свои привилегии через созданный файл\n\n * BDU:2022-00051: Уязвимость компонента Tab Strip браузера Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю обойти существующие ограничения безопасности с помощью специально созданной HTML страницы\n\n * BDU:2022-00052: Уязвимость функции Navigation браузера Google Chrome, операционной системы Windows , позволяющая нарушителю обойти существующие ограничения безопасности с помощью специально созданной HTML страницы\n\n * BDU:2022-00053: Уязвимость диспетчера задач браузера Google Chrome, связанная с использованием памяти после её освобождения, позволяющая нарушителю выполнить произвольные команды\n\n * BDU:2022-00054: Уязвимость компонента ChromeOS Networking браузера Google Chrome, позволяющая нарушителю получить привилегированный доступ к инфраструктуре через созданный файл ONC\n\n * BDU:2022-00056: Уязвимость пользовательского интерфейса браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности с помощью специально созданной HTML страницы\n\n * BDU:2022-00059: Уязвимость API для работы с компьютерной графикой WebGPU браузера Google Chrome , связанная с использованием памяти после её освобождения, позволяющая нарушителю обойти существующие ограничения безопасности\n\n * BDU:2022-00060: Уязвимость компонента Performance Manager браузера Google Chrome, позволяющая нарушителю выполнить код в контексте привилегированного процесса с помощью специально созданной HTML страницы\n\n * BDU:2022-00074: Уязвимость набора инструментов для веб-разработки DevTools браузера Google Chrome, позволяющие нарушителю обойти существующие ограничения безопасности с помощью специально созданной HTML страницы\n\n * BDU:2022-00075: Уязвимость компонента compositing браузера Google Chrome, позволяющая нарушителю подделать содержимое адресной строки с помощью специально созданной HTML страницы\n\n * BDU:2022-00076: Уязвимость программного интерфейса Background Fetch API браузера Google Chrome , связанная с раскрытием информации в ошибочной области данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2022-00077: Уязвимость программного интерфейса Background Fetch API браузера Google Chrome, связанная с раскрытием информации в ошибочной области данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * CVE-2021-37956: Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2021-37957: Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2021-37958: Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.\n\n * CVE-2021-37959: Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to enage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2021-37960: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none\n\n * CVE-2021-37961: Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2021-37962: Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2021-37963: Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page.\n\n * CVE-2021-37964: Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to to potentially carryout a wifi impersonation attack via a crafted ONC file.\n\n * CVE-2021-37965: Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.\n\n * CVE-2021-37966: Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n\n * CVE-2021-37967: Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.\n\n * CVE-2021-37968: Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.\n\n * CVE-2021-37969: Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file.\n\n * CVE-2021-37970: Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2021-37971: Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.\n\n * CVE-2021-37972: Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2021-37973: Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n\n * CVE-2021-37974: Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2021-37975: Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2021-37976: Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.", "Advisory": { "From": "errata.altlinux.org", "Severity": "Critical", "Rights": "Copyright 2024 BaseALT Ltd.", "Issued": { "Date": "2021-10-07" }, "Updated": { "Date": "2021-10-07" }, "BDUs": [ { "ID": "BDU:2021-05507", "CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2021-05507", "Impact": "Critical", "Public": "20210921" }, { "ID": "BDU:2021-06193", "CVSS": "AV:N/AC:H/Au:N/C:P/I:N/A:P", "CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", "CWE": "CWE-125", "Href": "https://bdu.fstec.ru/vul/2021-06193", "Impact": "Low", "Public": "20210921" }, { "ID": "BDU:2021-06421", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2021-06421", "Impact": "High", "Public": "20211008" }, { "ID": "BDU:2021-06424", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "CWE": "CWE-668", "Href": "https://bdu.fstec.ru/vul/2021-06424", "Impact": "Low", "Public": "20211008" }, { "ID": "BDU:2021-06431", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2021-06431", "Impact": "High", "Public": "20211008" }, { "ID": "BDU:2022-00050", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-269", "Href": "https://bdu.fstec.ru/vul/2022-00050", "Impact": "High", "Public": "20211008" }, { "ID": "BDU:2022-00051", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2022-00051", "Impact": "High", "Public": "20211008" }, { "ID": "BDU:2022-00052", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "CWE": "CWE-358", "Href": "https://bdu.fstec.ru/vul/2022-00052", "Impact": "Low", "Public": "20211008" }, { "ID": "BDU:2022-00053", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2022-00053", "Impact": "High", "Public": "20211008" }, { "ID": "BDU:2022-00054", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "CWE-358", "Href": "https://bdu.fstec.ru/vul/2022-00054", "Impact": "Low", "Public": "20211008" }, { "ID": "BDU:2022-00056", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "CWE-1021", "Href": "https://bdu.fstec.ru/vul/2022-00056", "Impact": "Low", "Public": "20211008" }, { "ID": "BDU:2022-00059", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2022-00059", "Impact": "High", "Public": "20211008" }, { "ID": "BDU:2022-00060", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://bdu.fstec.ru/vul/2022-00060", "Impact": "High", "Public": "20211008" }, { "ID": "BDU:2022-00074", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "CWE": "CWE-310", "Href": "https://bdu.fstec.ru/vul/2022-00074", "Impact": "Low", "Public": "20211008" }, { "ID": "BDU:2022-00075", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "CWE-346", "Href": "https://bdu.fstec.ru/vul/2022-00075", "Impact": "Low", "Public": "20211008" }, { "ID": "BDU:2022-00076", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "CWE": "CWE-668", "Href": "https://bdu.fstec.ru/vul/2022-00076", "Impact": "Low", "Public": "20211008" }, { "ID": "BDU:2022-00077", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "CWE": "CWE-668", "Href": "https://bdu.fstec.ru/vul/2022-00077", "Impact": "Low", "Public": "20211008" } ], "CVEs": [ { "ID": "CVE-2021-37956", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37956", "Impact": "High", "Public": "20211008" }, { "ID": "CVE-2021-37957", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37957", "Impact": "High", "Public": "20211008" }, { "ID": "CVE-2021-37958", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37958", "Impact": "Low", "Public": "20211008" }, { "ID": "CVE-2021-37959", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37959", "Impact": "High", "Public": "20211008" }, { "ID": "CVE-2021-37960", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37960", "Impact": "None", "Public": "20211102" }, { "ID": "CVE-2021-37961", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37961", "Impact": "High", "Public": "20211008" }, { "ID": "CVE-2021-37962", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37962", "Impact": "High", "Public": "20211008" }, { "ID": "CVE-2021-37963", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37963", "Impact": "Low", "Public": "20211008" }, { "ID": "CVE-2021-37964", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "NVD-CWE-noinfo", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37964", "Impact": "Low", "Public": "20211008" }, { "ID": "CVE-2021-37965", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "CWE": "NVD-CWE-Other", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37965", "Impact": "Low", "Public": "20211008" }, { "ID": "CVE-2021-37966", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "CWE-346", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37966", "Impact": "Low", "Public": "20211008" }, { "ID": "CVE-2021-37967", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "CWE": "CWE-346", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37967", "Impact": "Low", "Public": "20211008" }, { "ID": "CVE-2021-37968", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "CWE": "CWE-203", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37968", "Impact": "Low", "Public": "20211008" }, { "ID": "CVE-2021-37969", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-59", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37969", "Impact": "High", "Public": "20211008" }, { "ID": "CVE-2021-37970", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37970", "Impact": "High", "Public": "20211008" }, { "ID": "CVE-2021-37971", "CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "CWE": "CWE-1021", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37971", "Impact": "Low", "Public": "20211008" }, { "ID": "CVE-2021-37972", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-125", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37972", "Impact": "High", "Public": "20211008" }, { "ID": "CVE-2021-37973", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37973", "Impact": "Critical", "Public": "20211008" }, { "ID": "CVE-2021-37974", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37974", "Impact": "High", "Public": "20211008" }, { "ID": "CVE-2021-37975", "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "CWE": "CWE-416", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37975", "Impact": "High", "Public": "20211008" }, { "ID": "CVE-2021-37976", "CVSS": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "CWE": "CWE-862", "Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-37976", "Impact": "Low", "Public": "20211008" } ], "AffectedCPEs": { "CPEs": [ "cpe:/o:alt:spworkstation:10", "cpe:/o:alt:spserver:10" ] } } }, "Criteria": { "Operator": "AND", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:4001", "Comment": "ALT Linux must be installed" } ], "Criterias": [ { "Operator": "OR", "Criterions": [ { "TestRef": "oval:org.altlinux.errata:tst:20212988001", "Comment": "chromium is earlier than 0:94.0.4606.71-alt1" } ] } ] } } ] }