blob: fb30d1dcd7fc01b868d0f312e400900d31f9b347 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
|
<vuln vid="d3e023fb-6e88-11ec-b948-080027240888">
<topic>Django -- multiple vulnerabilities</topic>
<affects>
<package>
<name>py37-django22</name>
<name>py38-django22</name>
<name>py39-django22</name>
<range><lt>2.2.26</lt></range>
</package>
<package>
<name>py37-django32</name>
<name>py38-django32</name>
<name>py39-django32</name>
<range><lt>3.2.11</lt></range>
</package>
<package>
<name>py37-django40</name>
<name>py38-django40</name>
<name>py39-django40</name>
<range><lt>4.0.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Django Release reports:</p>
<blockquote cite="https://www.djangoproject.com/weblog/2022/jan/04/security-releases/">
<p>CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator.</p>
<p>CVE-2021-45116: Potential information disclosure in dictsort template filter.</p>
<p>CVE-2021-45452: Potential directory-traversal via Storage.save().</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-45115</cvename>
<cvename>CVE-2021-45116</cvename>
<cvename>CVE-2021-45452</cvename>
<url>https://www.djangoproject.com/weblog/2022/jan/04/security-releases/</url>
</references>
<dates>
<discovery>2021-12-20</discovery>
<entry>2022-01-06</entry>
</dates>
</vuln>
<vuln vid="9c990e67-6e30-11ec-82db-b42e991fc52e">
<topic>routinator -- multiple vulnerabilities</topic>
<affects>
<package>
<name>routinator</name>
<range><lt>0.10.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>nlnetlabs reports:</p>
<blockquote cite="https://nlnetlabs.nl/projects/rpki/security-advisories/">
<p>Release 0.10.2 contains fixes for the following issues:</p>
<ul>
<li>Medium CVE-2021-43172: Infinite length chain of RRDP
repositories. Credit: Koen van Hove. Date: 2021-11-09</li>
<li>Medium CVE-2021-43173: Hanging RRDP request.
Credit: Koen van Hove. Date: 2021-11-09</li>
<li>Medium CVE-2021-43174: gzip transfer encoding caused
out-of-memory crash. Credit Koen van Hove. Date: 2021-11-09</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-43172</cvename>
<cvename>CVE-2021-43173</cvename>
<cvename>CVE-2021-43174</cvename>
<url>https://nlnetlabs.nl/projects/rpki/security-advisories/</url>
</references>
<dates>
<discovery>2021-11-09</discovery>
<entry>2022-01-05</entry>
</dates>
</vuln>
<vuln vid="9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>97.0.4692.71</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html">
<p>This release contains 37 security fixes, including:</p>
<ul>
<li>[$TBD][1275020] Critical CVE-2022-0096: Use after free in
Storage. Reported by Yangkang (@dnpushme) of 360 ATA on
2021-11-30</li>
<li>[1117173] High CVE-2022-0097: Inappropriate implementation in
DevTools. Reported by David Erceg on 2020-08-17</li>
<li>[1273609] High CVE-2022-0098: Use after free in Screen Capture.
Reported by @ginggilBesel on 2021-11-24</li>
<li>[1245629] High CVE-2022-0099: Use after free in Sign-in.
Reported by Rox on 2021-09-01</li>
<li>[1238209] High CVE-2022-0100: Heap buffer overflow in Media
streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO
Mobile Telecommunications Corp. Ltd. on 2021-08-10</li>
<li>[1249426] High CVE-2022-0101: Heap buffer overflow in Bookmarks.
Reported by raven (@raid_akame) on 2021-09-14</li>
<li>[1260129] High CVE-2022-0102: Type Confusion in V8 . Reported by
Brendon Tiszka on 2021-10-14</li>
<li>[1272266] High CVE-2022-0103: Use after free in SwiftShader.
Reported by Abraruddin Khan and Omair on 2021-11-21</li>
<li>[1273661] High CVE-2022-0104: Heap buffer overflow in ANGLE.
Reported by Abraruddin Khan and Omair on 2021-11-25</li>
<li>[1274376] High CVE-2022-0105: Use after free in PDF. Reported by
Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications
Corp. Ltd. on 2021-11-28</li>
<li>[1278960] High CVE-2022-0106: Use after free in Autofill.
Reported by Khalil Zhani on 2021-12-10</li>
<li>[1248438] Medium CVE-2022-0107: Use after free in File Manager
API. Reported by raven (@raid_akame) on 2021-09-10</li>
<li>[1248444] Medium CVE-2022-0108: Inappropriate implementation in
Navigation. Reported by Luan Herrera (@lbherrera_) on
2021-09-10</li>
<li>[1261689] Medium CVE-2022-0109: Inappropriate implementation in
Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at
Seoul National University on 2021-10-20</li>
<li>[1237310] Medium CVE-2022-0110: Incorrect security UI in
Autofill. Reported by Alesandro Ortiz on 2021-08-06</li>
<li>[1241188] Medium CVE-2022-0111: Inappropriate implementation in
Navigation. Reported by garygreen on 2021-08-18</li>
<li>[1255713] Medium CVE-2022-0112: Incorrect security UI in Browser
UI. Reported by Thomas Orlita on 2021-10-04</li>
<li>[1039885] Medium CVE-2022-0113: Inappropriate implementation in
Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-07</li>
<li>[1267627] Medium CVE-2022-0114: Out of bounds memory access in
Web Serial. Reported by Looben Yang on 2021-11-06</li>
<li>[1268903] Medium CVE-2022-0115: Uninitialized Use in File API.
Reported by Mark Brand of Google Project Zero on 2021-11-10</li>
<li>[1272250] Medium CVE-2022-0116: Inappropriate implementation in
Compositing. Reported by Irvan Kurniawan (sourc7) on
2021-11-20</li>
<li>[1115847] Low CVE-2022-0117: Policy bypass in Service Workers.
Reported by Dongsung Kim (@kid1ng) on 2020-08-13</li>
<li>[1238631] Low CVE-2022-0118: Inappropriate implementation in
WebShare. Reported by Alesandro Ortiz on 2021-08-11</li>
<li>[1262953] Low CVE-2022-0120: Inappropriate implementation in
Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0096</cvename>
<cvename>CVE-2022-0097</cvename>
<cvename>CVE-2022-0098</cvename>
<cvename>CVE-2022-0099</cvename>
<cvename>CVE-2022-0100</cvename>
<cvename>CVE-2022-0101</cvename>
<cvename>CVE-2022-0102</cvename>
<cvename>CVE-2022-0103</cvename>
<cvename>CVE-2022-0104</cvename>
<cvename>CVE-2022-0105</cvename>
<cvename>CVE-2022-0106</cvename>
<cvename>CVE-2022-0107</cvename>
<cvename>CVE-2022-0108</cvename>
<cvename>CVE-2022-0109</cvename>
<cvename>CVE-2022-0110</cvename>
<cvename>CVE-2022-0111</cvename>
<cvename>CVE-2022-0112</cvename>
<cvename>CVE-2022-0113</cvename>
<cvename>CVE-2022-0114</cvename>
<cvename>CVE-2022-0115</cvename>
<cvename>CVE-2022-0116</cvename>
<cvename>CVE-2022-0117</cvename>
<cvename>CVE-2022-0118</cvename>
<cvename>CVE-2022-0120</cvename>
<url>https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2022-01-04</discovery>
<entry>2022-01-05</entry>
</dates>
</vuln>
|
