vuln-list-alt/oval/c10f1/ALT-PU-2022-2325/definitions.json
2024-06-28 13:17:52 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222325",
"Version": "oval:org.altlinux.errata:def:20222325",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2325: package `chromium` update to version 103.0.5060.53-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2325",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2325",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-03500",
"RefURL": "https://bdu.fstec.ru/vul/2022-03500",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03501",
"RefURL": "https://bdu.fstec.ru/vul/2022-03501",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03502",
"RefURL": "https://bdu.fstec.ru/vul/2022-03502",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03503",
"RefURL": "https://bdu.fstec.ru/vul/2022-03503",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03731",
"RefURL": "https://bdu.fstec.ru/vul/2022-03731",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03732",
"RefURL": "https://bdu.fstec.ru/vul/2022-03732",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03733",
"RefURL": "https://bdu.fstec.ru/vul/2022-03733",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03734",
"RefURL": "https://bdu.fstec.ru/vul/2022-03734",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03735",
"RefURL": "https://bdu.fstec.ru/vul/2022-03735",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03736",
"RefURL": "https://bdu.fstec.ru/vul/2022-03736",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03737",
"RefURL": "https://bdu.fstec.ru/vul/2022-03737",
"Source": "BDU"
},
{
"RefID": "BDU:2022-03747",
"RefURL": "https://bdu.fstec.ru/vul/2022-03747",
"Source": "BDU"
},
{
"RefID": "BDU:2022-04787",
"RefURL": "https://bdu.fstec.ru/vul/2022-04787",
"Source": "BDU"
},
{
"RefID": "CVE-2022-2007",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2007",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2008",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2008",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2010",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2010",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2011",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2011",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2156",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2156",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2157",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2157",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2158",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2158",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2160",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2160",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2161",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2161",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2162",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2162",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2163",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2163",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2164",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2164",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2165",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2165",
"Source": "CVE"
},
{
"RefID": "CVE-2022-2415",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-2415",
"Source": "CVE"
}
],
"Description": "This update upgrades chromium to version 103.0.5060.53-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2022-03500: Уязвимость компонента Compositing браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2022-03501: Уязвимость API для работы с компьютерной графикой WebGPU браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2022-03502: Уязвимость библиотеки ANGLE браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2022-03503: Уязвимость компонента WebGL браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * BDU:2022-03731: Уязвимость интерфейса File System API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти введенные ограничения безопасности с помощью специально созданного веб-сайта\n\n * BDU:2022-03732: Уязвимость браузеров Google Chrome и Microsoft Edge, существующая из-за недостаточной проверки входных данных при форматировании URL-адресов, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2022-03733: Уязвимость компонента Extensions API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2022-03734: Уязвимость компонента WebApp Provider браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации\n\n * BDU:2022-03735: Уязвимость набора инструментов для веб-разработки DevTools браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти существующие ограничения доступа\n\n * BDU:2022-03736: Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить 
произвольный код\n\n * BDU:2022-03737: Уязвимость реализации расширения «Группы вкладок» браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-03747: Уязвимость компонента Base браузеров Google Chrome и Microsoft, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-04787: Уязвимость компонента WebGL веб-браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код\n\n * CVE-2022-2007: Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-2008: Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-2010: Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.\n\n * CVE-2022-2011: Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-2156: Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-2157: Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-2158: Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-2160: Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to 
obtain potentially sensitive information from a user's local files via a crafted HTML page.\n\n * CVE-2022-2161: Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.\n\n * CVE-2022-2162: Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.\n\n * CVE-2022-2163: Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.\n\n * CVE-2022-2164: Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.\n\n * CVE-2022-2165: Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.\n\n * CVE-2022-2415: Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-08-01"
},
"Updated": {
"Date": "2022-08-01"
},
"BDUs": [
{
"ID": "BDU:2022-03500",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2022-03500",
"Impact": "High",
"Public": "20220513"
},
{
"ID": "BDU:2022-03501",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-03501",
"Impact": "High",
"Public": "20220517"
},
{
"ID": "BDU:2022-03502",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-03502",
"Impact": "High",
"Public": "20220531"
},
{
"ID": "BDU:2022-03503",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2022-03503",
"Impact": "High",
"Public": "20220419"
},
{
"ID": "BDU:2022-03731",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2022-03731",
"Impact": "Low",
"Public": "20220623"
},
{
"ID": "BDU:2022-03732",
"CVSS": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2022-03732",
"Impact": "Low",
"Public": "20220623"
},
{
"ID": "BDU:2022-03733",
"CVSS": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"CWE": "CWE-358",
"Href": "https://bdu.fstec.ru/vul/2022-03733",
"Impact": "Low",
"Public": "20220623"
},
{
"ID": "BDU:2022-03734",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-03734",
"Impact": "Low",
"Public": "20220623"
},
{
"ID": "BDU:2022-03735",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2022-03735",
"Impact": "Low",
"Public": "20220623"
},
{
"ID": "BDU:2022-03736",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-843",
"Href": "https://bdu.fstec.ru/vul/2022-03736",
"Impact": "High",
"Public": "20220623"
},
{
"ID": "BDU:2022-03737",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-03737",
"Impact": "High",
"Public": "20220623"
},
{
"ID": "BDU:2022-03747",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2022-03747",
"Impact": "Critical",
"Public": "20220611"
},
{
"ID": "BDU:2022-04787",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-122",
"Href": "https://bdu.fstec.ru/vul/2022-04787",
"Impact": "High",
"Public": "20220414"
}
],
"CVEs": [
{
"ID": "CVE-2022-2007",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2007",
"Impact": "High",
"Public": "20220728"
},
{
"ID": "CVE-2022-2008",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2008",
"Impact": "High",
"Public": "20220728"
},
{
"ID": "CVE-2022-2010",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2010",
"Impact": "Critical",
"Public": "20220728"
},
{
"ID": "CVE-2022-2011",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2011",
"Impact": "High",
"Public": "20220728"
},
{
"ID": "CVE-2022-2156",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2156",
"Impact": "High",
"Public": "20220728"
},
{
"ID": "CVE-2022-2157",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2157",
"Impact": "High",
"Public": "20220728"
},
{
"ID": "CVE-2022-2158",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2158",
"Impact": "High",
"Public": "20220728"
},
{
"ID": "CVE-2022-2160",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2160",
"Impact": "Low",
"Public": "20220728"
},
{
"ID": "CVE-2022-2161",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2161",
"Impact": "High",
"Public": "20220728"
},
{
"ID": "CVE-2022-2162",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2162",
"Impact": "High",
"Public": "20220728"
},
{
"ID": "CVE-2022-2163",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2163",
"Impact": "High",
"Public": "20220728"
},
{
"ID": "CVE-2022-2164",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2164",
"Impact": "Low",
"Public": "20220728"
},
{
"ID": "CVE-2022-2165",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2165",
"Impact": "Low",
"Public": "20220728"
},
{
"ID": "CVE-2022-2415",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-2415",
"Impact": "High",
"Public": "20220728"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222325001",
"Comment": "chromium is earlier than 0:103.0.5060.53-alt0.p10.1"
}
]
}
]
}
}
]
}