
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20221822",
"Version": "oval:org.altlinux.errata:def:20221822",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-1822: package `chromium` update to version 101.0.4951.41-alt0.p10.1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-1822",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-1822",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-04377",
"RefURL": "https://bdu.fstec.ru/vul/2022-04377",
"Source": "BDU"
},
{
"RefID": "CVE-2022-1477",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1477",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1478",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1478",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1479",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1479",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1480",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1480",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1481",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1481",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1482",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1482",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1483",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1483",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1484",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1484",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1485",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1485",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1486",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1486",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1487",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1487",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1488",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1488",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1489",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1489",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1490",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1490",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1491",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1491",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1492",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1492",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1493",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1493",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1494",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1494",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1495",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1495",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1496",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1496",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1497",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1497",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1498",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1498",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1499",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1499",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1500",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1500",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1501",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1501",
"Source": "CVE"
},
{
"RefID": "CVE-2022-1919",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-1919",
"Source": "CVE"
}
],
"Description": "This update upgrades chromium to version 101.0.4951.41-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2022-04377: Уязвимость браузеров Firefox, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании\n\n * CVE-2022-1477: Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-1478: Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-1479: Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-1480: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. 
Notes: none\n\n * CVE-2022-1481: Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-1482: Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-1483: Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-1484: Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-1485: Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-1486: Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.\n\n * CVE-2022-1487: Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via running a Wayland test.\n\n * CVE-2022-1488: Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.\n\n * CVE-2022-1489: Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.\n\n * CVE-2022-1490: Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker 
who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.\n\n * CVE-2022-1491: Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.\n\n * CVE-2022-1492: Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.\n\n * CVE-2022-1493: Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.\n\n * CVE-2022-1494: Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.\n\n * CVE-2022-1495: Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page.\n\n * CVE-2022-1496: Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.\n\n * CVE-2022-1497: Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.\n\n * CVE-2022-1498: Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.\n\n * CVE-2022-1499: Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.\n\n * CVE-2022-1500: Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass 
content security policy via a crafted HTML page.\n\n * CVE-2022-1501: Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.\n\n * CVE-2022-1919: Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2023 BaseALT Ltd.",
"Issued": {
"Date": "2022-05-05"
},
"Updated": {
"Date": "2022-05-05"
},
"bdu": [
{
"Cvss": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"Cvss3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2022-04377",
"Impact": "High",
"Public": "20220531",
"CveID": "BDU:2022-04377"
}
],
"Cves": [
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1477",
"Impact": "High",
"Public": "20220726",
"CveID": "CVE-2022-1477"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1478",
"Impact": "High",
"Public": "20220726",
"CveID": "CVE-2022-1478"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1479",
"Impact": "High",
"Public": "20220726",
"CveID": "CVE-2022-1479"
},
{
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1480",
"Impact": "None",
"Public": "20221003",
"CveID": "CVE-2022-1480"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1481",
"Impact": "High",
"Public": "20220726",
"CveID": "CVE-2022-1481"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"Cwe": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1482",
"Impact": "Low",
"Public": "20220726",
"CveID": "CVE-2022-1482"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1483",
"Impact": "High",
"Public": "20220726",
"CveID": "CVE-2022-1483"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1484",
"Impact": "High",
"Public": "20220726",
"CveID": "CVE-2022-1484"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1485",
"Impact": "High",
"Public": "20220726",
"CveID": "CVE-2022-1485"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-843",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1486",
"Impact": "High",
"Public": "20220726",
"CveID": "CVE-2022-1486"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Cwe": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1487",
"Impact": "High",
"Public": "20220726",
"CveID": "CVE-2022-1487"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"Cwe": "CWE-668",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1488",
"Impact": "Low",
"Public": "20220726",
"CveID": "CVE-2022-1488"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1489",
"Impact": "High",
"Public": "20220726",
"CveID": "CVE-2022-1489"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1490",
"Impact": "High",
"Public": "20220726",
"CveID": "CVE-2022-1490"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1491",
"Impact": "High",
"Public": "20220726",
"CveID": "CVE-2022-1491"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"Cwe": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1492",
"Impact": "Low",
"Public": "20220726",
"CveID": "CVE-2022-1492"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1493",
"Impact": "High",
"Public": "20220726",
"CveID": "CVE-2022-1493"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"Cwe": "CWE-79",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1494",
"Impact": "Low",
"Public": "20220726",
"CveID": "CVE-2022-1494"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"Cwe": "CWE-290",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1495",
"Impact": "Low",
"Public": "20220726",
"CveID": "CVE-2022-1495"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1496",
"Impact": "High",
"Public": "20220726",
"CveID": "CVE-2022-1496"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"Cwe": "CWE-346",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1497",
"Impact": "Low",
"Public": "20220726",
"CveID": "CVE-2022-1497"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"Cwe": "CWE-668",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1498",
"Impact": "Low",
"Public": "20220726",
"CveID": "CVE-2022-1498"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"Cwe": "CWE-863",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1499",
"Impact": "Low",
"Public": "20220726",
"CveID": "CVE-2022-1499"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"Cwe": "CWE-20",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1500",
"Impact": "Low",
"Public": "20220726",
"CveID": "CVE-2022-1500"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"Cwe": "CWE-668",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1501",
"Impact": "Low",
"Public": "20220726",
"CveID": "CVE-2022-1501"
},
{
"Cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"Cwe": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-1919",
"Impact": "High",
"Public": "20220728",
"CveID": "CVE-2022-1919"
}
],
"AffectedCpeList": {
"Cpe": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:kworkstation:10.1",
"cpe:/o:alt:workstation:10.1",
"cpe:/o:alt:server:10.1",
"cpe:/o:alt:server-v:10.1",
"cpe:/o:alt:education:10.1",
"cpe:/o:alt:slinux:10.1",
"cpe:/o:alt:starterkit:10.1",
"cpe:/o:alt:kworkstation:10.2",
"cpe:/o:alt:workstation:10.2",
"cpe:/o:alt:server:10.2",
"cpe:/o:alt:server-v:10.2",
"cpe:/o:alt:education:10.2",
"cpe:/o:alt:slinux:10.2",
"cpe:/o:alt:starterkit:10.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20221822001",
"Comment": "chromium is earlier than 0:101.0.4951.41-alt0.p10.1"
}
]
}
]
}
}
]
}