diff --git a/security/vuxml/files/tidy.xsl b/security/vuxml/files/tidy.xsl index 8bf948a94b6e..e48c36c691c2 100644 --- a/security/vuxml/files/tidy.xsl +++ b/security/vuxml/files/tidy.xsl @@ -1,132 +1,133 @@ + ]> ]]> diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml new file mode 100644 index 000000000000..d2a5f1dfed62 --- /dev/null +++ b/security/vuxml/vuln-2022.xml @@ -0,0 +1,104 @@ + + chromium -- multiple vulnerabilities + + + chromium + 97.0.4692.71 + + + + +

Chrome Releases reports:

+
+

This release contains 37 security fixes, including:

+
    +
  • [$TBD][1275020] Critical CVE-2022-0096: Use after free in + Storage. Reported by Yangkang (@dnpushme) of 360 ATA on + 2021-11-30
  • +
  • [1117173] High CVE-2022-0097: Inappropriate implementation in + DevTools. Reported by David Erceg on 2020-08-17
  • +
  • [1273609] High CVE-2022-0098: Use after free in Screen Capture. + Reported by @ginggilBesel on 2021-11-24
  • +
  • [1245629] High CVE-2022-0099: Use after free in Sign-in. + Reported by Rox on 2021-09-01
  • +
  • [1238209] High CVE-2022-0100: Heap buffer overflow in Media + streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO + Mobile Telecommunications Corp. Ltd. on 2021-08-10
  • +
  • [1249426] High CVE-2022-0101: Heap buffer overflow in Bookmarks. + Reported by raven (@raid_akame) on 2021-09-14
  • +
  • [1260129] High CVE-2022-0102: Type Confusion in V8 . Reported by + Brendon Tiszka on 2021-10-14
  • +
  • [1272266] High CVE-2022-0103: Use after free in SwiftShader. + Reported by Abraruddin Khan and Omair on 2021-11-21
  • +
  • [1273661] High CVE-2022-0104: Heap buffer overflow in ANGLE. + Reported by Abraruddin Khan and Omair on 2021-11-25
  • +
  • [1274376] High CVE-2022-0105: Use after free in PDF. Reported by + Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications + Corp. Ltd. on 2021-11-28
  • +
  • [1278960] High CVE-2022-0106: Use after free in Autofill. + Reported by Khalil Zhani on 2021-12-10
  • +
  • [1248438] Medium CVE-2022-0107: Use after free in File Manager + API. Reported by raven (@raid_akame) on 2021-09-10
  • +
  • [1248444] Medium CVE-2022-0108: Inappropriate implementation in + Navigation. Reported by Luan Herrera (@lbherrera_) on + 2021-09-10
  • +
  • [1261689] Medium CVE-2022-0109: Inappropriate implementation in + Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at + Seoul National University on 2021-10-20
  • +
  • [1237310] Medium CVE-2022-0110: Incorrect security UI in + Autofill. Reported by Alesandro Ortiz on 2021-08-06
  • +
  • [1241188] Medium CVE-2022-0111: Inappropriate implementation in + Navigation. Reported by garygreen on 2021-08-18
  • +
  • [1255713] Medium CVE-2022-0112: Incorrect security UI in Browser + UI. Reported by Thomas Orlita on 2021-10-04
  • +
  • [1039885] Medium CVE-2022-0113: Inappropriate implementation in + Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-07
  • +
  • [1267627] Medium CVE-2022-0114: Out of bounds memory access in + Web Serial. Reported by Looben Yang on 2021-11-06
  • +
  • [1268903] Medium CVE-2022-0115: Uninitialized Use in File API. + Reported by Mark Brand of Google Project Zero on 2021-11-10
  • +
  • [1272250] Medium CVE-2022-0116: Inappropriate implementation in + Compositing. Reported by Irvan Kurniawan (sourc7) on + 2021-11-20
  • +
  • [1115847] Low CVE-2022-0117: Policy bypass in Service Workers. + Reported by Dongsung Kim (@kid1ng) on 2020-08-13
  • +
  • [1238631] Low CVE-2022-0118: Inappropriate implementation in + WebShare. Reported by Alesandro Ortiz on 2021-08-11
  • +
  • [1262953] Low CVE-2022-0120: Inappropriate implementation in + Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25
  • +
+
+ +
+ + CVE-2022-0096 + CVE-2022-0097 + CVE-2022-0098 + CVE-2022-0099 + CVE-2022-0100 + CVE-2022-0101 + CVE-2022-0102 + CVE-2022-0103 + CVE-2022-0104 + CVE-2022-0105 + CVE-2022-0106 + CVE-2022-0107 + CVE-2022-0108 + CVE-2022-0109 + CVE-2022-0110 + CVE-2022-0111 + CVE-2022-0112 + CVE-2022-0113 + CVE-2022-0114 + CVE-2022-0115 + CVE-2022-0116 + CVE-2022-0117 + CVE-2022-0118 + CVE-2022-0120 + https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html + + + 2022-01-04 + 2022-01-05 + +
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 25512c70513c..845b3df9e509 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -1,102 +1,104 @@ + ]> +&vuln-2022; &vuln-2021; &vuln-2020; &vuln-2019; &vuln-2018; &vuln-2017; &vuln-2016; &vuln-2015; &vuln-2014; &vuln-2013; &vuln-2012; &vuln-2011; &vuln-2010; &vuln-2009; &vuln-2008; &vuln-2007; &vuln-2006; &vuln-2005; &vuln-2004; &vuln-2003;