All the vulnerabilites related to Rockwell Automation - Enhanced HIM
var-202203-1921
Vulnerability from variot
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rockwell Automation The following vulnerabilities exist in multiple products provided by . * Mistake of type (CWE-843) - CVE-2022-1096If the vulnerability is exploited, it may be affected as follows. It was * by a local third party Chromium Web Browser vulnerabilities are used to cause denial of service ( DoS ) - CVE-2022-1096. ========================================================================= Ubuntu Security Notice USN-5350-1 March 28, 2022
chromium-browser vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Chromium could be made to execute arbitrary code if it received a specially crafted input.
Software Description: - chromium-browser: Chromium web browser, open-source version of Chrome
Details:
It was discovered that Chromium incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: chromium-browser 99.0.4844.84-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5350-1 CVE-2022-1096
Package Information: https://launchpad.net/ubuntu/+source/chromium-browser/99.0.4844.84-0ubuntu0.18.04.1 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-25
https://security.gentoo.org/
Severity: High Title: Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #828519, #834477, #835397, #836011, #836381, #836777, #838049, #838433, #841371, #843728, #847370, #851003, #853643, #773040, #787950, #800181, #810781, #815397, #829161, #835761, #836830, #847613, #853229, #837497, #838682, #843035, #848864, #851009, #854372 ID: 202208-25
Synopsis
Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.
Background
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your devices.
Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-qt/qtwebengine < 5.15.5_p20220618>= 5.15.5_p20220618 2 www-client/chromium < 103.0.5060.53 >= 103.0.5060.53 3 www-client/google-chrome < 103.0.5060.53 >= 103.0.5060.53 4 www-client/microsoft-edge < 101.0.1210.47 >= 101.0.1210.47
Description
Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Chromium users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"
All Chromium binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-bin-103.0.5060.53"
All Google Chrome users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/google-chrome-103.0.5060.53"
All Microsoft Edge users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"
All QtWebEngine users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-qt/qtwebengine-5.15.5_p20220618"
References
[ 1 ] CVE-2021-4052 https://nvd.nist.gov/vuln/detail/CVE-2021-4052 [ 2 ] CVE-2021-4053 https://nvd.nist.gov/vuln/detail/CVE-2021-4053 [ 3 ] CVE-2021-4054 https://nvd.nist.gov/vuln/detail/CVE-2021-4054 [ 4 ] CVE-2021-4055 https://nvd.nist.gov/vuln/detail/CVE-2021-4055 [ 5 ] CVE-2021-4056 https://nvd.nist.gov/vuln/detail/CVE-2021-4056 [ 6 ] CVE-2021-4057 https://nvd.nist.gov/vuln/detail/CVE-2021-4057 [ 7 ] CVE-2021-4058 https://nvd.nist.gov/vuln/detail/CVE-2021-4058 [ 8 ] CVE-2021-4059 https://nvd.nist.gov/vuln/detail/CVE-2021-4059 [ 9 ] CVE-2021-4061 https://nvd.nist.gov/vuln/detail/CVE-2021-4061 [ 10 ] CVE-2021-4062 https://nvd.nist.gov/vuln/detail/CVE-2021-4062 [ 11 ] CVE-2021-4063 https://nvd.nist.gov/vuln/detail/CVE-2021-4063 [ 12 ] CVE-2021-4064 https://nvd.nist.gov/vuln/detail/CVE-2021-4064 [ 13 ] CVE-2021-4065 https://nvd.nist.gov/vuln/detail/CVE-2021-4065 [ 14 ] CVE-2021-4066 https://nvd.nist.gov/vuln/detail/CVE-2021-4066 [ 15 ] CVE-2021-4067 https://nvd.nist.gov/vuln/detail/CVE-2021-4067 [ 16 ] CVE-2021-4068 https://nvd.nist.gov/vuln/detail/CVE-2021-4068 [ 17 ] CVE-2021-4078 https://nvd.nist.gov/vuln/detail/CVE-2021-4078 [ 18 ] CVE-2021-4079 https://nvd.nist.gov/vuln/detail/CVE-2021-4079 [ 19 ] CVE-2021-30551 https://nvd.nist.gov/vuln/detail/CVE-2021-30551 [ 20 ] CVE-2022-0789 https://nvd.nist.gov/vuln/detail/CVE-2022-0789 [ 21 ] CVE-2022-0790 https://nvd.nist.gov/vuln/detail/CVE-2022-0790 [ 22 ] CVE-2022-0791 https://nvd.nist.gov/vuln/detail/CVE-2022-0791 [ 23 ] CVE-2022-0792 https://nvd.nist.gov/vuln/detail/CVE-2022-0792 [ 24 ] CVE-2022-0793 https://nvd.nist.gov/vuln/detail/CVE-2022-0793 [ 25 ] CVE-2022-0794 https://nvd.nist.gov/vuln/detail/CVE-2022-0794 [ 26 ] CVE-2022-0795 https://nvd.nist.gov/vuln/detail/CVE-2022-0795 [ 27 ] CVE-2022-0796 https://nvd.nist.gov/vuln/detail/CVE-2022-0796 [ 28 ] CVE-2022-0797 https://nvd.nist.gov/vuln/detail/CVE-2022-0797 [ 29 ] CVE-2022-0798 https://nvd.nist.gov/vuln/detail/CVE-2022-0798 [ 30 ] CVE-2022-0799 https://nvd.nist.gov/vuln/detail/CVE-2022-0799 [ 31 ] CVE-2022-0800 https://nvd.nist.gov/vuln/detail/CVE-2022-0800 [ 32 ] CVE-2022-0801 https://nvd.nist.gov/vuln/detail/CVE-2022-0801 [ 33 ] CVE-2022-0802 https://nvd.nist.gov/vuln/detail/CVE-2022-0802 [ 34 ] CVE-2022-0803 https://nvd.nist.gov/vuln/detail/CVE-2022-0803 [ 35 ] CVE-2022-0804 https://nvd.nist.gov/vuln/detail/CVE-2022-0804 [ 36 ] CVE-2022-0805 https://nvd.nist.gov/vuln/detail/CVE-2022-0805 [ 37 ] CVE-2022-0806 https://nvd.nist.gov/vuln/detail/CVE-2022-0806 [ 38 ] CVE-2022-0807 https://nvd.nist.gov/vuln/detail/CVE-2022-0807 [ 39 ] CVE-2022-0808 https://nvd.nist.gov/vuln/detail/CVE-2022-0808 [ 40 ] CVE-2022-0809 https://nvd.nist.gov/vuln/detail/CVE-2022-0809 [ 41 ] CVE-2022-0971 https://nvd.nist.gov/vuln/detail/CVE-2022-0971 [ 42 ] CVE-2022-0972 https://nvd.nist.gov/vuln/detail/CVE-2022-0972 [ 43 ] CVE-2022-0973 https://nvd.nist.gov/vuln/detail/CVE-2022-0973 [ 44 ] CVE-2022-0974 https://nvd.nist.gov/vuln/detail/CVE-2022-0974 [ 45 ] CVE-2022-0975 https://nvd.nist.gov/vuln/detail/CVE-2022-0975 [ 46 ] CVE-2022-0976 https://nvd.nist.gov/vuln/detail/CVE-2022-0976 [ 47 ] CVE-2022-0977 https://nvd.nist.gov/vuln/detail/CVE-2022-0977 [ 48 ] CVE-2022-0978 https://nvd.nist.gov/vuln/detail/CVE-2022-0978 [ 49 ] CVE-2022-0979 https://nvd.nist.gov/vuln/detail/CVE-2022-0979 [ 50 ] CVE-2022-0980 https://nvd.nist.gov/vuln/detail/CVE-2022-0980 [ 51 ] CVE-2022-1096 https://nvd.nist.gov/vuln/detail/CVE-2022-1096 [ 52 ] CVE-2022-1125 https://nvd.nist.gov/vuln/detail/CVE-2022-1125 [ 53 ] CVE-2022-1127 https://nvd.nist.gov/vuln/detail/CVE-2022-1127 [ 54 ] CVE-2022-1128 https://nvd.nist.gov/vuln/detail/CVE-2022-1128 [ 55 ] CVE-2022-1129 https://nvd.nist.gov/vuln/detail/CVE-2022-1129 [ 56 ] CVE-2022-1130 https://nvd.nist.gov/vuln/detail/CVE-2022-1130 [ 57 ] CVE-2022-1131 https://nvd.nist.gov/vuln/detail/CVE-2022-1131 [ 58 ] CVE-2022-1132 https://nvd.nist.gov/vuln/detail/CVE-2022-1132 [ 59 ] CVE-2022-1133 https://nvd.nist.gov/vuln/detail/CVE-2022-1133 [ 60 ] CVE-2022-1134 https://nvd.nist.gov/vuln/detail/CVE-2022-1134 [ 61 ] CVE-2022-1135 https://nvd.nist.gov/vuln/detail/CVE-2022-1135 [ 62 ] CVE-2022-1136 https://nvd.nist.gov/vuln/detail/CVE-2022-1136 [ 63 ] CVE-2022-1137 https://nvd.nist.gov/vuln/detail/CVE-2022-1137 [ 64 ] CVE-2022-1138 https://nvd.nist.gov/vuln/detail/CVE-2022-1138 [ 65 ] CVE-2022-1139 https://nvd.nist.gov/vuln/detail/CVE-2022-1139 [ 66 ] CVE-2022-1141 https://nvd.nist.gov/vuln/detail/CVE-2022-1141 [ 67 ] CVE-2022-1142 https://nvd.nist.gov/vuln/detail/CVE-2022-1142 [ 68 ] CVE-2022-1143 https://nvd.nist.gov/vuln/detail/CVE-2022-1143 [ 69 ] CVE-2022-1144 https://nvd.nist.gov/vuln/detail/CVE-2022-1144 [ 70 ] CVE-2022-1145 https://nvd.nist.gov/vuln/detail/CVE-2022-1145 [ 71 ] CVE-2022-1146 https://nvd.nist.gov/vuln/detail/CVE-2022-1146 [ 72 ] CVE-2022-1232 https://nvd.nist.gov/vuln/detail/CVE-2022-1232 [ 73 ] CVE-2022-1305 https://nvd.nist.gov/vuln/detail/CVE-2022-1305 [ 74 ] CVE-2022-1306 https://nvd.nist.gov/vuln/detail/CVE-2022-1306 [ 75 ] CVE-2022-1307 https://nvd.nist.gov/vuln/detail/CVE-2022-1307 [ 76 ] CVE-2022-1308 https://nvd.nist.gov/vuln/detail/CVE-2022-1308 [ 77 ] CVE-2022-1309 https://nvd.nist.gov/vuln/detail/CVE-2022-1309 [ 78 ] CVE-2022-1310 https://nvd.nist.gov/vuln/detail/CVE-2022-1310 [ 79 ] CVE-2022-1311 https://nvd.nist.gov/vuln/detail/CVE-2022-1311 [ 80 ] CVE-2022-1312 https://nvd.nist.gov/vuln/detail/CVE-2022-1312 [ 81 ] CVE-2022-1313 https://nvd.nist.gov/vuln/detail/CVE-2022-1313 [ 82 ] CVE-2022-1314 https://nvd.nist.gov/vuln/detail/CVE-2022-1314 [ 83 ] CVE-2022-1364 https://nvd.nist.gov/vuln/detail/CVE-2022-1364 [ 84 ] CVE-2022-1477 https://nvd.nist.gov/vuln/detail/CVE-2022-1477 [ 85 ] CVE-2022-1478 https://nvd.nist.gov/vuln/detail/CVE-2022-1478 [ 86 ] CVE-2022-1479 https://nvd.nist.gov/vuln/detail/CVE-2022-1479 [ 87 ] CVE-2022-1480 https://nvd.nist.gov/vuln/detail/CVE-2022-1480 [ 88 ] CVE-2022-1481 https://nvd.nist.gov/vuln/detail/CVE-2022-1481 [ 89 ] CVE-2022-1482 https://nvd.nist.gov/vuln/detail/CVE-2022-1482 [ 90 ] CVE-2022-1483 https://nvd.nist.gov/vuln/detail/CVE-2022-1483 [ 91 ] CVE-2022-1484 https://nvd.nist.gov/vuln/detail/CVE-2022-1484 [ 92 ] CVE-2022-1485 https://nvd.nist.gov/vuln/detail/CVE-2022-1485 [ 93 ] CVE-2022-1486 https://nvd.nist.gov/vuln/detail/CVE-2022-1486 [ 94 ] CVE-2022-1487 https://nvd.nist.gov/vuln/detail/CVE-2022-1487 [ 95 ] CVE-2022-1488 https://nvd.nist.gov/vuln/detail/CVE-2022-1488 [ 96 ] CVE-2022-1489 https://nvd.nist.gov/vuln/detail/CVE-2022-1489 [ 97 ] CVE-2022-1490 https://nvd.nist.gov/vuln/detail/CVE-2022-1490 [ 98 ] CVE-2022-1491 https://nvd.nist.gov/vuln/detail/CVE-2022-1491 [ 99 ] CVE-2022-1492 https://nvd.nist.gov/vuln/detail/CVE-2022-1492 [ 100 ] CVE-2022-1493 https://nvd.nist.gov/vuln/detail/CVE-2022-1493 [ 101 ] CVE-2022-1494 https://nvd.nist.gov/vuln/detail/CVE-2022-1494 [ 102 ] CVE-2022-1495 https://nvd.nist.gov/vuln/detail/CVE-2022-1495 [ 103 ] CVE-2022-1496 https://nvd.nist.gov/vuln/detail/CVE-2022-1496 [ 104 ] CVE-2022-1497 https://nvd.nist.gov/vuln/detail/CVE-2022-1497 [ 105 ] CVE-2022-1498 https://nvd.nist.gov/vuln/detail/CVE-2022-1498 [ 106 ] CVE-2022-1499 https://nvd.nist.gov/vuln/detail/CVE-2022-1499 [ 107 ] CVE-2022-1500 https://nvd.nist.gov/vuln/detail/CVE-2022-1500 [ 108 ] CVE-2022-1501 https://nvd.nist.gov/vuln/detail/CVE-2022-1501 [ 109 ] CVE-2022-1633 https://nvd.nist.gov/vuln/detail/CVE-2022-1633 [ 110 ] CVE-2022-1634 https://nvd.nist.gov/vuln/detail/CVE-2022-1634 [ 111 ] CVE-2022-1635 https://nvd.nist.gov/vuln/detail/CVE-2022-1635 [ 112 ] CVE-2022-1636 https://nvd.nist.gov/vuln/detail/CVE-2022-1636 [ 113 ] CVE-2022-1637 https://nvd.nist.gov/vuln/detail/CVE-2022-1637 [ 114 ] CVE-2022-1639 https://nvd.nist.gov/vuln/detail/CVE-2022-1639 [ 115 ] CVE-2022-1640 https://nvd.nist.gov/vuln/detail/CVE-2022-1640 [ 116 ] CVE-2022-1641 https://nvd.nist.gov/vuln/detail/CVE-2022-1641 [ 117 ] CVE-2022-1853 https://nvd.nist.gov/vuln/detail/CVE-2022-1853 [ 118 ] CVE-2022-1854 https://nvd.nist.gov/vuln/detail/CVE-2022-1854 [ 119 ] CVE-2022-1855 https://nvd.nist.gov/vuln/detail/CVE-2022-1855 [ 120 ] CVE-2022-1856 https://nvd.nist.gov/vuln/detail/CVE-2022-1856 [ 121 ] CVE-2022-1857 https://nvd.nist.gov/vuln/detail/CVE-2022-1857 [ 122 ] CVE-2022-1858 https://nvd.nist.gov/vuln/detail/CVE-2022-1858 [ 123 ] CVE-2022-1859 https://nvd.nist.gov/vuln/detail/CVE-2022-1859 [ 124 ] CVE-2022-1860 https://nvd.nist.gov/vuln/detail/CVE-2022-1860 [ 125 ] CVE-2022-1861 https://nvd.nist.gov/vuln/detail/CVE-2022-1861 [ 126 ] CVE-2022-1862 https://nvd.nist.gov/vuln/detail/CVE-2022-1862 [ 127 ] CVE-2022-1863 https://nvd.nist.gov/vuln/detail/CVE-2022-1863 [ 128 ] CVE-2022-1864 https://nvd.nist.gov/vuln/detail/CVE-2022-1864 [ 129 ] CVE-2022-1865 https://nvd.nist.gov/vuln/detail/CVE-2022-1865 [ 130 ] CVE-2022-1866 https://nvd.nist.gov/vuln/detail/CVE-2022-1866 [ 131 ] CVE-2022-1867 https://nvd.nist.gov/vuln/detail/CVE-2022-1867 [ 132 ] CVE-2022-1868 https://nvd.nist.gov/vuln/detail/CVE-2022-1868 [ 133 ] CVE-2022-1869 https://nvd.nist.gov/vuln/detail/CVE-2022-1869 [ 134 ] CVE-2022-1870 https://nvd.nist.gov/vuln/detail/CVE-2022-1870 [ 135 ] CVE-2022-1871 https://nvd.nist.gov/vuln/detail/CVE-2022-1871 [ 136 ] CVE-2022-1872 https://nvd.nist.gov/vuln/detail/CVE-2022-1872 [ 137 ] CVE-2022-1873 https://nvd.nist.gov/vuln/detail/CVE-2022-1873 [ 138 ] CVE-2022-1874 https://nvd.nist.gov/vuln/detail/CVE-2022-1874 [ 139 ] CVE-2022-1875 https://nvd.nist.gov/vuln/detail/CVE-2022-1875 [ 140 ] CVE-2022-1876 https://nvd.nist.gov/vuln/detail/CVE-2022-1876 [ 141 ] CVE-2022-2007 https://nvd.nist.gov/vuln/detail/CVE-2022-2007 [ 142 ] CVE-2022-2010 https://nvd.nist.gov/vuln/detail/CVE-2022-2010 [ 143 ] CVE-2022-2011 https://nvd.nist.gov/vuln/detail/CVE-2022-2011 [ 144 ] CVE-2022-2156 https://nvd.nist.gov/vuln/detail/CVE-2022-2156 [ 145 ] CVE-2022-2157 https://nvd.nist.gov/vuln/detail/CVE-2022-2157 [ 146 ] CVE-2022-2158 https://nvd.nist.gov/vuln/detail/CVE-2022-2158 [ 147 ] CVE-2022-2160 https://nvd.nist.gov/vuln/detail/CVE-2022-2160 [ 148 ] CVE-2022-2161 https://nvd.nist.gov/vuln/detail/CVE-2022-2161 [ 149 ] CVE-2022-2162 https://nvd.nist.gov/vuln/detail/CVE-2022-2162 [ 150 ] CVE-2022-2163 https://nvd.nist.gov/vuln/detail/CVE-2022-2163 [ 151 ] CVE-2022-2164 https://nvd.nist.gov/vuln/detail/CVE-2022-2164 [ 152 ] CVE-2022-2165 https://nvd.nist.gov/vuln/detail/CVE-2022-2165 [ 153 ] CVE-2022-22021 https://nvd.nist.gov/vuln/detail/CVE-2022-22021 [ 154 ] CVE-2022-24475 https://nvd.nist.gov/vuln/detail/CVE-2022-24475 [ 155 ] CVE-2022-24523 https://nvd.nist.gov/vuln/detail/CVE-2022-24523 [ 156 ] CVE-2022-26891 https://nvd.nist.gov/vuln/detail/CVE-2022-26891 [ 157 ] CVE-2022-26894 https://nvd.nist.gov/vuln/detail/CVE-2022-26894 [ 158 ] CVE-2022-26895 https://nvd.nist.gov/vuln/detail/CVE-2022-26895 [ 159 ] CVE-2022-26900 https://nvd.nist.gov/vuln/detail/CVE-2022-26900 [ 160 ] CVE-2022-26905 https://nvd.nist.gov/vuln/detail/CVE-2022-26905 [ 161 ] CVE-2022-26908 https://nvd.nist.gov/vuln/detail/CVE-2022-26908 [ 162 ] CVE-2022-26909 https://nvd.nist.gov/vuln/detail/CVE-2022-26909 [ 163 ] CVE-2022-26912 https://nvd.nist.gov/vuln/detail/CVE-2022-26912 [ 164 ] CVE-2022-29144 https://nvd.nist.gov/vuln/detail/CVE-2022-29144 [ 165 ] CVE-2022-29146 https://nvd.nist.gov/vuln/detail/CVE-2022-29146 [ 166 ] CVE-2022-29147 https://nvd.nist.gov/vuln/detail/CVE-2022-29147 [ 167 ] CVE-2022-30127 https://nvd.nist.gov/vuln/detail/CVE-2022-30127 [ 168 ] CVE-2022-30128 https://nvd.nist.gov/vuln/detail/CVE-2022-30128 [ 169 ] CVE-2022-30192 https://nvd.nist.gov/vuln/detail/CVE-2022-30192 [ 170 ] CVE-2022-33638 https://nvd.nist.gov/vuln/detail/CVE-2022-33638 [ 171 ] CVE-2022-33639 https://nvd.nist.gov/vuln/detail/CVE-2022-33639
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-25
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
For the stable distribution (bullseye), this problem has been fixed in version 99.0.4844.84-1~deb11u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJBXaAACgkQEMKTtsN8 TjbazQ/+IzYVZN+0pj9UBLmTcMNsaUt7Hh0G1D0NsJ8yKbQ6Kan11TcOBvzkQLER E5YbdLOfVaY/OZQRRyjtjzc/WwySaC0AKKg76rYd4bo4186szqPrTApKYz+Fb+Tw 9BCzzYxVQp4nPxcxdMo2PDrCXJg4Ux/ia9dUZFbSZOF8TccxU/1nAB89nS0jCECW OhjqKHM4vcpyPF+ztnGT8Lce+wy3TwTQ/CJM3GaKLK3RF8dT9y0Ae6PP902eOw+x CKbG9EsqB47K5v7Jrbm7LfaxxF1hs7l3kiaupk5YNxgIlHV0i/dpHT39zhSFEFdZ 4F2+lpzJpvKjz9kx2iyJcNYScxMTbWKQQrEYrcNFp3wE3vPl4ndASKrOniTta6ub H2j0Jp/O0pcQTLrsVTlSPvzVgSqTBjobgsIw4JWBSeDLpaDWNQR/dhxfoCQCUvA4 SDEby7l+buKPbipoCvupeyk+cQIM+yjXKc0OZDpHGekK8NsViD5rGIVyhKmFvWcC PajYlmZu68s49eg14hrpXudTcrLL+fFkKgxI5f0Eat0BLFsW7mFl6cvEzX+ErPKT 38XlAdtsO7FGq3DerKJhAyWzZbTPBpcXtPvguIytoxl3QXxcNBvcRgeZOjqMeIhW QqFsYamZq7zcDKYon9Zljtkz1/ai1viBejcvqJK5DqePtvz4AJA= =ZIch -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1921", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "chrome", "scope": "lt", "trust": 1.0, "vendor": "google", "version": "99.0.4844.84" }, { "model": "factorytalk view", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "site edition 13" }, { "model": "connected components workbench", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "enhanced him", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "factorytalk linx", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "NVD", "id": "CVE-2022-1096" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "99.0.4844.84", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-1096" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Reported by anonymous on 2022-03-23", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-2278" } ], "trust": 0.6 }, "cve": "CVE-2022-1096", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-1096", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-1096", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202203-2278", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "CNNVD", "id": "CNNVD-202203-2278" }, { "db": "NVD", "id": "CVE-2022-1096" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rockwell Automation The following vulnerabilities exist in multiple products provided by . * Mistake of type (CWE-843) - CVE-2022-1096If the vulnerability is exploited, it may be affected as follows. It was * by a local third party Chromium Web Browser vulnerabilities are used to cause denial of service ( DoS ) - CVE-2022-1096. =========================================================================\nUbuntu Security Notice USN-5350-1\nMarch 28, 2022\n\nchromium-browser vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n\nSummary:\n\nChromium could be made to execute arbitrary code if it received a specially\ncrafted input. \n\nSoftware Description:\n- chromium-browser: Chromium web browser, open-source version of Chrome\n\nDetails:\n\nIt was discovered that Chromium incorrectly handled certain inputs. \nAn attacker could possibly use this issue to execute arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n chromium-browser 99.0.4844.84-0ubuntu0.18.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5350-1\n CVE-2022-1096\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/chromium-browser/99.0.4844.84-0ubuntu0.18.04.1\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-25\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities\n Date: August 14, 2022\n Bugs: #828519, #834477, #835397, #836011, #836381, #836777, #838049, #838433, #841371, #843728, #847370, #851003, #853643, #773040, #787950, #800181, #810781, #815397, #829161, #835761, #836830, #847613, #853229, #837497, #838682, #843035, #848864, #851009, #854372\n ID: 202208-25\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in Chromium and its\nderivatives, the worst of which could result in remote code execution. \n\nBackground\n=========\nChromium is an open-source browser project that aims to build a safer,\nfaster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your\ndevices. \n\nMicrosoft Edge is a browser that combines a minimal design with\nsophisticated technology to make the web faster, safer, and easier. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-qt/qtwebengine \u003c 5.15.5_p20220618\u003e= 5.15.5_p20220618\n 2 www-client/chromium \u003c 103.0.5060.53 \u003e= 103.0.5060.53\n 3 www-client/google-chrome \u003c 103.0.5060.53 \u003e= 103.0.5060.53\n 4 www-client/microsoft-edge \u003c 101.0.1210.47 \u003e= 101.0.1210.47\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Chromium and its\nderivatives. Please review the CVE identifiers referenced below for\ndetails. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/chromium-103.0.5060.53\"\n\nAll Chromium binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/chromium-bin-103.0.5060.53\"\n\nAll Google Chrome users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/google-chrome-103.0.5060.53\"\n\nAll Microsoft Edge users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/chromium-103.0.5060.53\"\n\nAll QtWebEngine users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e\\xdev-qt/qtwebengine-5.15.5_p20220618\"\n\nReferences\n=========\n[ 1 ] CVE-2021-4052\n https://nvd.nist.gov/vuln/detail/CVE-2021-4052\n[ 2 ] CVE-2021-4053\n https://nvd.nist.gov/vuln/detail/CVE-2021-4053\n[ 3 ] CVE-2021-4054\n https://nvd.nist.gov/vuln/detail/CVE-2021-4054\n[ 4 ] CVE-2021-4055\n https://nvd.nist.gov/vuln/detail/CVE-2021-4055\n[ 5 ] CVE-2021-4056\n https://nvd.nist.gov/vuln/detail/CVE-2021-4056\n[ 6 ] CVE-2021-4057\n https://nvd.nist.gov/vuln/detail/CVE-2021-4057\n[ 7 ] CVE-2021-4058\n https://nvd.nist.gov/vuln/detail/CVE-2021-4058\n[ 8 ] CVE-2021-4059\n https://nvd.nist.gov/vuln/detail/CVE-2021-4059\n[ 9 ] CVE-2021-4061\n https://nvd.nist.gov/vuln/detail/CVE-2021-4061\n[ 10 ] CVE-2021-4062\n https://nvd.nist.gov/vuln/detail/CVE-2021-4062\n[ 11 ] CVE-2021-4063\n https://nvd.nist.gov/vuln/detail/CVE-2021-4063\n[ 12 ] CVE-2021-4064\n https://nvd.nist.gov/vuln/detail/CVE-2021-4064\n[ 13 ] CVE-2021-4065\n https://nvd.nist.gov/vuln/detail/CVE-2021-4065\n[ 14 ] CVE-2021-4066\n https://nvd.nist.gov/vuln/detail/CVE-2021-4066\n[ 15 ] CVE-2021-4067\n https://nvd.nist.gov/vuln/detail/CVE-2021-4067\n[ 16 ] CVE-2021-4068\n https://nvd.nist.gov/vuln/detail/CVE-2021-4068\n[ 17 ] CVE-2021-4078\n https://nvd.nist.gov/vuln/detail/CVE-2021-4078\n[ 18 ] CVE-2021-4079\n https://nvd.nist.gov/vuln/detail/CVE-2021-4079\n[ 19 ] CVE-2021-30551\n https://nvd.nist.gov/vuln/detail/CVE-2021-30551\n[ 20 ] CVE-2022-0789\n https://nvd.nist.gov/vuln/detail/CVE-2022-0789\n[ 21 ] CVE-2022-0790\n https://nvd.nist.gov/vuln/detail/CVE-2022-0790\n[ 22 ] CVE-2022-0791\n https://nvd.nist.gov/vuln/detail/CVE-2022-0791\n[ 23 ] CVE-2022-0792\n https://nvd.nist.gov/vuln/detail/CVE-2022-0792\n[ 24 ] CVE-2022-0793\n https://nvd.nist.gov/vuln/detail/CVE-2022-0793\n[ 25 ] CVE-2022-0794\n https://nvd.nist.gov/vuln/detail/CVE-2022-0794\n[ 26 ] CVE-2022-0795\n https://nvd.nist.gov/vuln/detail/CVE-2022-0795\n[ 27 ] CVE-2022-0796\n https://nvd.nist.gov/vuln/detail/CVE-2022-0796\n[ 28 ] CVE-2022-0797\n https://nvd.nist.gov/vuln/detail/CVE-2022-0797\n[ 29 ] CVE-2022-0798\n https://nvd.nist.gov/vuln/detail/CVE-2022-0798\n[ 30 ] CVE-2022-0799\n https://nvd.nist.gov/vuln/detail/CVE-2022-0799\n[ 31 ] CVE-2022-0800\n https://nvd.nist.gov/vuln/detail/CVE-2022-0800\n[ 32 ] CVE-2022-0801\n https://nvd.nist.gov/vuln/detail/CVE-2022-0801\n[ 33 ] CVE-2022-0802\n https://nvd.nist.gov/vuln/detail/CVE-2022-0802\n[ 34 ] CVE-2022-0803\n https://nvd.nist.gov/vuln/detail/CVE-2022-0803\n[ 35 ] CVE-2022-0804\n https://nvd.nist.gov/vuln/detail/CVE-2022-0804\n[ 36 ] CVE-2022-0805\n https://nvd.nist.gov/vuln/detail/CVE-2022-0805\n[ 37 ] CVE-2022-0806\n https://nvd.nist.gov/vuln/detail/CVE-2022-0806\n[ 38 ] CVE-2022-0807\n https://nvd.nist.gov/vuln/detail/CVE-2022-0807\n[ 39 ] CVE-2022-0808\n https://nvd.nist.gov/vuln/detail/CVE-2022-0808\n[ 40 ] CVE-2022-0809\n https://nvd.nist.gov/vuln/detail/CVE-2022-0809\n[ 41 ] CVE-2022-0971\n https://nvd.nist.gov/vuln/detail/CVE-2022-0971\n[ 42 ] CVE-2022-0972\n https://nvd.nist.gov/vuln/detail/CVE-2022-0972\n[ 43 ] CVE-2022-0973\n https://nvd.nist.gov/vuln/detail/CVE-2022-0973\n[ 44 ] CVE-2022-0974\n https://nvd.nist.gov/vuln/detail/CVE-2022-0974\n[ 45 ] CVE-2022-0975\n https://nvd.nist.gov/vuln/detail/CVE-2022-0975\n[ 46 ] CVE-2022-0976\n https://nvd.nist.gov/vuln/detail/CVE-2022-0976\n[ 47 ] CVE-2022-0977\n https://nvd.nist.gov/vuln/detail/CVE-2022-0977\n[ 48 ] CVE-2022-0978\n https://nvd.nist.gov/vuln/detail/CVE-2022-0978\n[ 49 ] CVE-2022-0979\n https://nvd.nist.gov/vuln/detail/CVE-2022-0979\n[ 50 ] CVE-2022-0980\n https://nvd.nist.gov/vuln/detail/CVE-2022-0980\n[ 51 ] CVE-2022-1096\n https://nvd.nist.gov/vuln/detail/CVE-2022-1096\n[ 52 ] CVE-2022-1125\n https://nvd.nist.gov/vuln/detail/CVE-2022-1125\n[ 53 ] CVE-2022-1127\n https://nvd.nist.gov/vuln/detail/CVE-2022-1127\n[ 54 ] CVE-2022-1128\n https://nvd.nist.gov/vuln/detail/CVE-2022-1128\n[ 55 ] CVE-2022-1129\n https://nvd.nist.gov/vuln/detail/CVE-2022-1129\n[ 56 ] CVE-2022-1130\n https://nvd.nist.gov/vuln/detail/CVE-2022-1130\n[ 57 ] CVE-2022-1131\n https://nvd.nist.gov/vuln/detail/CVE-2022-1131\n[ 58 ] CVE-2022-1132\n https://nvd.nist.gov/vuln/detail/CVE-2022-1132\n[ 59 ] CVE-2022-1133\n https://nvd.nist.gov/vuln/detail/CVE-2022-1133\n[ 60 ] CVE-2022-1134\n https://nvd.nist.gov/vuln/detail/CVE-2022-1134\n[ 61 ] CVE-2022-1135\n https://nvd.nist.gov/vuln/detail/CVE-2022-1135\n[ 62 ] CVE-2022-1136\n https://nvd.nist.gov/vuln/detail/CVE-2022-1136\n[ 63 ] CVE-2022-1137\n https://nvd.nist.gov/vuln/detail/CVE-2022-1137\n[ 64 ] CVE-2022-1138\n https://nvd.nist.gov/vuln/detail/CVE-2022-1138\n[ 65 ] CVE-2022-1139\n https://nvd.nist.gov/vuln/detail/CVE-2022-1139\n[ 66 ] CVE-2022-1141\n https://nvd.nist.gov/vuln/detail/CVE-2022-1141\n[ 67 ] CVE-2022-1142\n https://nvd.nist.gov/vuln/detail/CVE-2022-1142\n[ 68 ] CVE-2022-1143\n https://nvd.nist.gov/vuln/detail/CVE-2022-1143\n[ 69 ] CVE-2022-1144\n https://nvd.nist.gov/vuln/detail/CVE-2022-1144\n[ 70 ] CVE-2022-1145\n https://nvd.nist.gov/vuln/detail/CVE-2022-1145\n[ 71 ] CVE-2022-1146\n https://nvd.nist.gov/vuln/detail/CVE-2022-1146\n[ 72 ] CVE-2022-1232\n https://nvd.nist.gov/vuln/detail/CVE-2022-1232\n[ 73 ] CVE-2022-1305\n https://nvd.nist.gov/vuln/detail/CVE-2022-1305\n[ 74 ] CVE-2022-1306\n https://nvd.nist.gov/vuln/detail/CVE-2022-1306\n[ 75 ] CVE-2022-1307\n https://nvd.nist.gov/vuln/detail/CVE-2022-1307\n[ 76 ] CVE-2022-1308\n https://nvd.nist.gov/vuln/detail/CVE-2022-1308\n[ 77 ] CVE-2022-1309\n https://nvd.nist.gov/vuln/detail/CVE-2022-1309\n[ 78 ] CVE-2022-1310\n https://nvd.nist.gov/vuln/detail/CVE-2022-1310\n[ 79 ] CVE-2022-1311\n https://nvd.nist.gov/vuln/detail/CVE-2022-1311\n[ 80 ] CVE-2022-1312\n https://nvd.nist.gov/vuln/detail/CVE-2022-1312\n[ 81 ] CVE-2022-1313\n https://nvd.nist.gov/vuln/detail/CVE-2022-1313\n[ 82 ] CVE-2022-1314\n https://nvd.nist.gov/vuln/detail/CVE-2022-1314\n[ 83 ] CVE-2022-1364\n https://nvd.nist.gov/vuln/detail/CVE-2022-1364\n[ 84 ] CVE-2022-1477\n https://nvd.nist.gov/vuln/detail/CVE-2022-1477\n[ 85 ] CVE-2022-1478\n https://nvd.nist.gov/vuln/detail/CVE-2022-1478\n[ 86 ] CVE-2022-1479\n https://nvd.nist.gov/vuln/detail/CVE-2022-1479\n[ 87 ] CVE-2022-1480\n https://nvd.nist.gov/vuln/detail/CVE-2022-1480\n[ 88 ] CVE-2022-1481\n https://nvd.nist.gov/vuln/detail/CVE-2022-1481\n[ 89 ] CVE-2022-1482\n https://nvd.nist.gov/vuln/detail/CVE-2022-1482\n[ 90 ] CVE-2022-1483\n https://nvd.nist.gov/vuln/detail/CVE-2022-1483\n[ 91 ] CVE-2022-1484\n https://nvd.nist.gov/vuln/detail/CVE-2022-1484\n[ 92 ] CVE-2022-1485\n https://nvd.nist.gov/vuln/detail/CVE-2022-1485\n[ 93 ] CVE-2022-1486\n https://nvd.nist.gov/vuln/detail/CVE-2022-1486\n[ 94 ] CVE-2022-1487\n https://nvd.nist.gov/vuln/detail/CVE-2022-1487\n[ 95 ] CVE-2022-1488\n https://nvd.nist.gov/vuln/detail/CVE-2022-1488\n[ 96 ] CVE-2022-1489\n https://nvd.nist.gov/vuln/detail/CVE-2022-1489\n[ 97 ] CVE-2022-1490\n https://nvd.nist.gov/vuln/detail/CVE-2022-1490\n[ 98 ] CVE-2022-1491\n https://nvd.nist.gov/vuln/detail/CVE-2022-1491\n[ 99 ] CVE-2022-1492\n https://nvd.nist.gov/vuln/detail/CVE-2022-1492\n[ 100 ] CVE-2022-1493\n https://nvd.nist.gov/vuln/detail/CVE-2022-1493\n[ 101 ] CVE-2022-1494\n https://nvd.nist.gov/vuln/detail/CVE-2022-1494\n[ 102 ] CVE-2022-1495\n https://nvd.nist.gov/vuln/detail/CVE-2022-1495\n[ 103 ] CVE-2022-1496\n https://nvd.nist.gov/vuln/detail/CVE-2022-1496\n[ 104 ] CVE-2022-1497\n https://nvd.nist.gov/vuln/detail/CVE-2022-1497\n[ 105 ] CVE-2022-1498\n https://nvd.nist.gov/vuln/detail/CVE-2022-1498\n[ 106 ] CVE-2022-1499\n https://nvd.nist.gov/vuln/detail/CVE-2022-1499\n[ 107 ] CVE-2022-1500\n https://nvd.nist.gov/vuln/detail/CVE-2022-1500\n[ 108 ] CVE-2022-1501\n https://nvd.nist.gov/vuln/detail/CVE-2022-1501\n[ 109 ] CVE-2022-1633\n https://nvd.nist.gov/vuln/detail/CVE-2022-1633\n[ 110 ] CVE-2022-1634\n https://nvd.nist.gov/vuln/detail/CVE-2022-1634\n[ 111 ] CVE-2022-1635\n https://nvd.nist.gov/vuln/detail/CVE-2022-1635\n[ 112 ] CVE-2022-1636\n https://nvd.nist.gov/vuln/detail/CVE-2022-1636\n[ 113 ] CVE-2022-1637\n https://nvd.nist.gov/vuln/detail/CVE-2022-1637\n[ 114 ] CVE-2022-1639\n https://nvd.nist.gov/vuln/detail/CVE-2022-1639\n[ 115 ] CVE-2022-1640\n https://nvd.nist.gov/vuln/detail/CVE-2022-1640\n[ 116 ] CVE-2022-1641\n https://nvd.nist.gov/vuln/detail/CVE-2022-1641\n[ 117 ] CVE-2022-1853\n https://nvd.nist.gov/vuln/detail/CVE-2022-1853\n[ 118 ] CVE-2022-1854\n https://nvd.nist.gov/vuln/detail/CVE-2022-1854\n[ 119 ] CVE-2022-1855\n https://nvd.nist.gov/vuln/detail/CVE-2022-1855\n[ 120 ] CVE-2022-1856\n https://nvd.nist.gov/vuln/detail/CVE-2022-1856\n[ 121 ] CVE-2022-1857\n https://nvd.nist.gov/vuln/detail/CVE-2022-1857\n[ 122 ] CVE-2022-1858\n https://nvd.nist.gov/vuln/detail/CVE-2022-1858\n[ 123 ] CVE-2022-1859\n https://nvd.nist.gov/vuln/detail/CVE-2022-1859\n[ 124 ] CVE-2022-1860\n https://nvd.nist.gov/vuln/detail/CVE-2022-1860\n[ 125 ] CVE-2022-1861\n https://nvd.nist.gov/vuln/detail/CVE-2022-1861\n[ 126 ] CVE-2022-1862\n https://nvd.nist.gov/vuln/detail/CVE-2022-1862\n[ 127 ] CVE-2022-1863\n https://nvd.nist.gov/vuln/detail/CVE-2022-1863\n[ 128 ] CVE-2022-1864\n https://nvd.nist.gov/vuln/detail/CVE-2022-1864\n[ 129 ] CVE-2022-1865\n https://nvd.nist.gov/vuln/detail/CVE-2022-1865\n[ 130 ] CVE-2022-1866\n https://nvd.nist.gov/vuln/detail/CVE-2022-1866\n[ 131 ] CVE-2022-1867\n https://nvd.nist.gov/vuln/detail/CVE-2022-1867\n[ 132 ] CVE-2022-1868\n https://nvd.nist.gov/vuln/detail/CVE-2022-1868\n[ 133 ] CVE-2022-1869\n https://nvd.nist.gov/vuln/detail/CVE-2022-1869\n[ 134 ] CVE-2022-1870\n https://nvd.nist.gov/vuln/detail/CVE-2022-1870\n[ 135 ] CVE-2022-1871\n https://nvd.nist.gov/vuln/detail/CVE-2022-1871\n[ 136 ] CVE-2022-1872\n https://nvd.nist.gov/vuln/detail/CVE-2022-1872\n[ 137 ] CVE-2022-1873\n https://nvd.nist.gov/vuln/detail/CVE-2022-1873\n[ 138 ] CVE-2022-1874\n https://nvd.nist.gov/vuln/detail/CVE-2022-1874\n[ 139 ] CVE-2022-1875\n https://nvd.nist.gov/vuln/detail/CVE-2022-1875\n[ 140 ] CVE-2022-1876\n https://nvd.nist.gov/vuln/detail/CVE-2022-1876\n[ 141 ] CVE-2022-2007\n https://nvd.nist.gov/vuln/detail/CVE-2022-2007\n[ 142 ] CVE-2022-2010\n https://nvd.nist.gov/vuln/detail/CVE-2022-2010\n[ 143 ] CVE-2022-2011\n https://nvd.nist.gov/vuln/detail/CVE-2022-2011\n[ 144 ] CVE-2022-2156\n https://nvd.nist.gov/vuln/detail/CVE-2022-2156\n[ 145 ] CVE-2022-2157\n https://nvd.nist.gov/vuln/detail/CVE-2022-2157\n[ 146 ] CVE-2022-2158\n https://nvd.nist.gov/vuln/detail/CVE-2022-2158\n[ 147 ] CVE-2022-2160\n https://nvd.nist.gov/vuln/detail/CVE-2022-2160\n[ 148 ] CVE-2022-2161\n https://nvd.nist.gov/vuln/detail/CVE-2022-2161\n[ 149 ] CVE-2022-2162\n https://nvd.nist.gov/vuln/detail/CVE-2022-2162\n[ 150 ] CVE-2022-2163\n https://nvd.nist.gov/vuln/detail/CVE-2022-2163\n[ 151 ] CVE-2022-2164\n https://nvd.nist.gov/vuln/detail/CVE-2022-2164\n[ 152 ] CVE-2022-2165\n https://nvd.nist.gov/vuln/detail/CVE-2022-2165\n[ 153 ] CVE-2022-22021\n https://nvd.nist.gov/vuln/detail/CVE-2022-22021\n[ 154 ] CVE-2022-24475\n https://nvd.nist.gov/vuln/detail/CVE-2022-24475\n[ 155 ] CVE-2022-24523\n https://nvd.nist.gov/vuln/detail/CVE-2022-24523\n[ 156 ] CVE-2022-26891\n https://nvd.nist.gov/vuln/detail/CVE-2022-26891\n[ 157 ] CVE-2022-26894\n https://nvd.nist.gov/vuln/detail/CVE-2022-26894\n[ 158 ] CVE-2022-26895\n https://nvd.nist.gov/vuln/detail/CVE-2022-26895\n[ 159 ] CVE-2022-26900\n https://nvd.nist.gov/vuln/detail/CVE-2022-26900\n[ 160 ] CVE-2022-26905\n https://nvd.nist.gov/vuln/detail/CVE-2022-26905\n[ 161 ] CVE-2022-26908\n https://nvd.nist.gov/vuln/detail/CVE-2022-26908\n[ 162 ] CVE-2022-26909\n https://nvd.nist.gov/vuln/detail/CVE-2022-26909\n[ 163 ] CVE-2022-26912\n https://nvd.nist.gov/vuln/detail/CVE-2022-26912\n[ 164 ] CVE-2022-29144\n https://nvd.nist.gov/vuln/detail/CVE-2022-29144\n[ 165 ] CVE-2022-29146\n https://nvd.nist.gov/vuln/detail/CVE-2022-29146\n[ 166 ] CVE-2022-29147\n https://nvd.nist.gov/vuln/detail/CVE-2022-29147\n[ 167 ] CVE-2022-30127\n https://nvd.nist.gov/vuln/detail/CVE-2022-30127\n[ 168 ] CVE-2022-30128\n https://nvd.nist.gov/vuln/detail/CVE-2022-30128\n[ 169 ] CVE-2022-30192\n https://nvd.nist.gov/vuln/detail/CVE-2022-30192\n[ 170 ] CVE-2022-33638\n https://nvd.nist.gov/vuln/detail/CVE-2022-33638\n[ 171 ] CVE-2022-33639\n https://nvd.nist.gov/vuln/detail/CVE-2022-33639\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-25\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 99.0.4844.84-1~deb11u1. \n\nWe recommend that you upgrade your chromium packages. \n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJBXaAACgkQEMKTtsN8\nTjbazQ/+IzYVZN+0pj9UBLmTcMNsaUt7Hh0G1D0NsJ8yKbQ6Kan11TcOBvzkQLER\nE5YbdLOfVaY/OZQRRyjtjzc/WwySaC0AKKg76rYd4bo4186szqPrTApKYz+Fb+Tw\n9BCzzYxVQp4nPxcxdMo2PDrCXJg4Ux/ia9dUZFbSZOF8TccxU/1nAB89nS0jCECW\nOhjqKHM4vcpyPF+ztnGT8Lce+wy3TwTQ/CJM3GaKLK3RF8dT9y0Ae6PP902eOw+x\nCKbG9EsqB47K5v7Jrbm7LfaxxF1hs7l3kiaupk5YNxgIlHV0i/dpHT39zhSFEFdZ\n4F2+lpzJpvKjz9kx2iyJcNYScxMTbWKQQrEYrcNFp3wE3vPl4ndASKrOniTta6ub\nH2j0Jp/O0pcQTLrsVTlSPvzVgSqTBjobgsIw4JWBSeDLpaDWNQR/dhxfoCQCUvA4\nSDEby7l+buKPbipoCvupeyk+cQIM+yjXKc0OZDpHGekK8NsViD5rGIVyhKmFvWcC\nPajYlmZu68s49eg14hrpXudTcrLL+fFkKgxI5f0Eat0BLFsW7mFl6cvEzX+ErPKT\n38XlAdtsO7FGq3DerKJhAyWzZbTPBpcXtPvguIytoxl3QXxcNBvcRgeZOjqMeIhW\nQqFsYamZq7zcDKYon9Zljtkz1/ai1viBejcvqJK5DqePtvz4AJA=\n=ZIch\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2022-1096" }, { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "VULMON", "id": "CVE-2022-1096" }, { "db": "PACKETSTORM", "id": "166544" }, { "db": "PACKETSTORM", "id": "168075" }, { "db": "PACKETSTORM", "id": "169350" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-1096", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-22-209-01", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU93834764", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-002159", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "166544", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.3702", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1337", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1294", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022032827", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022032601", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022032912", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2022060052", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202203-2278", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-1096", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168075", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169350", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-1096" }, { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "PACKETSTORM", "id": "166544" }, { "db": "PACKETSTORM", "id": "168075" }, { "db": "PACKETSTORM", "id": "169350" }, { "db": "CNNVD", "id": "CNNVD-202203-2278" }, { "db": "NVD", "id": "CVE-2022-1096" } ] }, "id": "VAR-202203-1921", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.41454848499999997 }, "last_update_date": "2024-06-14T19:41:55.786000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Product\u00a0Compatibility\u00a0\u0026\u00a0Download\u00a0Center\u00a0from\u00a0Rockwell\u00a0Automation Rockwell\u00a0Automation", "trust": 0.8, "url": "https://compatibility.rockwellautomation.com/pages/home.aspx" }, { "title": "Google Chrome Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=186884" }, { "title": "Debian Security Advisories: DSA-5110-1 chromium -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e9e9ba88a881ad0a39b9244f299b6a5e" }, { "title": "Google Chrome: Stable Channel Update for Desktop", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=chrome_releases\u0026qid=9e48fc90e4efa33ae51fdb4506bde295" }, { "title": "cve-2022-1096", "trust": 0.1, "url": "https://github.com/git-cve-updater/cve-2022-1096 " }, { "title": "Chrome-and-Edge-Version-Dumper", "trust": 0.1, "url": "https://github.com/maverick-cmd/chrome-and-edge-version-dumper " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/" }, { "title": "BleepingComputer", "trust": 0.1, "url": "https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-used-in-attacks/" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2022/03/28/google_chromium_exploit/" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2022/04/15/google-third-fix-chrome-vulnerability/" }, { "title": "BleepingComputer", "trust": 0.1, "url": "https://www.bleepingcomputer.com/news/security/cisa-warns-orgs-to-patch-actively-exploited-chrome-redis-bugs/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-1096" }, { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "CNNVD", "id": "CNNVD-202203-2278" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-843", "trust": 1.0 }, { "problemtype": "Mistake of type (CWE-843) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "NVD", "id": "CVE-2022-1096" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/202208-25" }, { "trust": 1.6, "url": "https://crbug.com/1309225" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1096" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu93834764/index.html" }, { "trust": 0.8, "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-209-01" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167516/chrome-cve-2022-1096-incomplete-fix.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3702" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2022060052" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022032827" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1294" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-1096/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166544/ubuntu-security-notice-usn-5350-1.html" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-209-01" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022032601" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-1096" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022032912" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/chrome-memory-corruption-via-v8-37881" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1337" }, { "trust": 0.1, "url": "https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/" }, { "trust": 0.1, "url": "https://github.com/git-cve-updater/cve-2022-1096" }, { "trust": 0.1, "url": "https://www.debian.org/security/2022/dsa-5110" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/chromium-browser/99.0.4844.84-0ubuntu0.18.04.1" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5350-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1136" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1138" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1501" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1489" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1490" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1861" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1480" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4058" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0975" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1633" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0971" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1500" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0972" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29144" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29147" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0978" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1876" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1128" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0977" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2156" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1858" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0808" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1863" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1641" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1866" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1146" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1487" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1637" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0801" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26895" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0807" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4059" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4062" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0791" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26891" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0976" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4055" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0798" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0803" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4057" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1144" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1483" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26912" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0979" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26900" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1495" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1484" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30128" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1497" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1143" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4068" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4063" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0792" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0980" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0794" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1493" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1486" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1867" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1310" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0789" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1485" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33638" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1498" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4066" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1865" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0806" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1491" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1853" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1313" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1857" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1870" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1127" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1125" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0809" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33639" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26894" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26909" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2010" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1635" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1135" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1868" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1856" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29146" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4052" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1488" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1478" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1312" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4053" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1477" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1636" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1639" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4078" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1479" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1308" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2011" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30127" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4061" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0790" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1862" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1145" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2007" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1859" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1132" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1482" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1634" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1142" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4079" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1864" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0974" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1131" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1309" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22021" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1481" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0795" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4056" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30192" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24523" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1306" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1139" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1305" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1311" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1307" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26905" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2162" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0796" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1496" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1133" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1855" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1141" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1860" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1494" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4054" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0804" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1874" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4065" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1314" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0793" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1640" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26908" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4064" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0800" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2158" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1137" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1364" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/chromium" }, { "trust": 0.1, "url": "https://www.debian.org/security/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-1096" }, { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "PACKETSTORM", "id": "166544" }, { "db": "PACKETSTORM", "id": "168075" }, { "db": "PACKETSTORM", "id": "169350" }, { "db": "CNNVD", "id": "CNNVD-202203-2278" }, { "db": "NVD", "id": "CVE-2022-1096" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-1096" }, { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "PACKETSTORM", "id": "166544" }, { "db": "PACKETSTORM", "id": "168075" }, { "db": "PACKETSTORM", "id": "169350" }, { "db": "CNNVD", "id": "CNNVD-202203-2278" }, { "db": "NVD", "id": "CVE-2022-1096" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "date": "2022-03-30T14:48:41", "db": "PACKETSTORM", "id": "166544" }, { "date": "2022-08-15T16:03:09", "db": "PACKETSTORM", "id": "168075" }, { "date": "2022-03-28T19:12:00", "db": "PACKETSTORM", "id": "169350" }, { "date": "2022-03-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-2278" }, { "date": "2022-07-23T00:15:08.333000", "db": "NVD", "id": "CVE-2022-1096" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-06-13T06:18:00", "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "date": "2022-08-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-2278" }, { "date": "2022-10-27T22:50:00.437000", "db": "NVD", "id": "CVE-2022-1096" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "168075" }, { "db": "CNNVD", "id": "CNNVD-202203-2278" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Rockwell\u00a0Automation\u00a0 Type mix-up vulnerabilities in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002159" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-2278" } ], "trust": 0.6 } }
cve-2023-2746
Vulnerability from cvelistv5
Vendor | Product | Version | |
---|---|---|---|
▼ | Rockwell Automation | Enhanced HIM |
Version: v1.001 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:33:05.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139760" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-2746", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-07T17:24:29.101183Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-07T17:27:54.204Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Enhanced HIM", "vendor": "Rockwell Automation", "versions": [ { "status": "affected", "version": "v1.001" } ] } ], "datePublic": "2023-07-11T13:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Rockwell Automation Enhanced HIM software contains \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ean API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003cbr\u003e" } ], "value": "The Rockwell Automation Enhanced HIM software contains \n\nan API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.\n\n\n\n\n" } ], "impacts": [ { "capecId": "CAPEC-62", "descriptions": [ { "lang": "en", "value": "CAPEC-62 Cross Site Request Forgery" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-11T13:15:04.152Z", "orgId": "b73dd486-f505-4403-b634-40b078b177f0", "shortName": "Rockwell" }, "references": [ { "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139760" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\n\n\u003cul\u003e\u003cli\u003eUpgrade to version \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx?crumb=113\u0026amp;versions=61994,59312\"\u003e1.002\u003c/a\u003e\u0026nbsp;which mitigates this issue.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e" } ], "value": "\n\n\n * Upgrade to version 1.002 https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx \u00a0which mitigates this issue.\n\n\n\n\n\n" } ], "source": { "discovery": "UNKNOWN" }, "title": "Rockwell Automation Enhanced HIM Vulnerable to Cross-Site Request Forgery Attack", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "b73dd486-f505-4403-b634-40b078b177f0", "assignerShortName": "Rockwell", "cveId": "CVE-2023-2746", "datePublished": "2023-07-11T13:15:04.152Z", "dateReserved": "2023-05-16T20:09:25.338Z", "dateUpdated": "2024-11-07T17:27:54.204Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }