pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ALT Vulnerability

Browse Source
This commit is contained in:
Иван Пепеляев 2024-11-13 15:04:58 +00:00
parent ed264cdc85
commit 79b58e4266
2 changed files with 60 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
oval/c10f1/ALT-PU-2022-2540/definitions.json
View File

@ -24,13 +24,23 @@
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2540",
"Source": "ALTPU"
},
{
"RefID": "CVE-2022-24300",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-24300",
"Source": "CVE"
},
{
"RefID": "CVE-2022-24301",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-24301",
"Source": "CVE"
},
{
"RefID": "CVE-2022-35978",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-35978",
"Source": "CVE"
}
],
"Description": "This update upgrades minetest to version 5.6.0-alt1. \nSecurity Fix(es):\n\n * CVE-2022-35978: Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds.\n\n * #42759: Minetest - дублированные иконки\n\n * #42822: ERROR[Main]: Game specified in default_game [minetest] is invalid.",
"Description": "This update upgrades minetest to version 5.6.0-alt1. \nSecurity Fix(es):\n\n * CVE-2022-24300: Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.\n\n * CVE-2022-24301: In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.\n\n * CVE-2022-35978: Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds.\n\n * #42759: Minetest - дублированные иконки\n\n * #42822: ERROR[Main]: Game specified in default_game [minetest] is invalid.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
@ -39,10 +49,28 @@
"Date": "2022-09-02"
},
"Updated": {
"Date": "2022-09-02"
"Date": "2024-11-13"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2022-24300",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-24300",
"Impact": "Critical",
"Public": "20220202"
},
{
"ID": "CVE-2022-24301",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-276",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-24301",
"Impact": "Low",
"Public": "20220202"
},
{
"ID": "CVE-2022-35978",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",

32
oval/p10/ALT-PU-2022-2540/definitions.json
View File

@ -29,13 +29,23 @@
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2540",
"Source": "ALTPU"
},
{
"RefID": "CVE-2022-24300",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-24300",
"Source": "CVE"
},
{
"RefID": "CVE-2022-24301",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-24301",
"Source": "CVE"
},
{
"RefID": "CVE-2022-35978",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-35978",
"Source": "CVE"
}
],
"Description": "This update upgrades minetest to version 5.6.0-alt1. \nSecurity Fix(es):\n\n * CVE-2022-35978: Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds.\n\n * #42759: Minetest - дублированные иконки\n\n * #42822: ERROR[Main]: Game specified in default_game [minetest] is invalid.",
"Description": "This update upgrades minetest to version 5.6.0-alt1. \nSecurity Fix(es):\n\n * CVE-2022-24300: Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.\n\n * CVE-2022-24301: In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.\n\n * CVE-2022-35978: Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds.\n\n * #42759: Minetest - дублированные иконки\n\n * #42822: ERROR[Main]: Game specified in default_game [minetest] is invalid.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
@ -44,10 +54,28 @@
"Date": "2022-09-02"
},
"Updated": {
"Date": "2022-09-02"
"Date": "2024-11-13"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2022-24300",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-24300",
"Impact": "Critical",
"Public": "20220202"
},
{
"ID": "CVE-2022-24301",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"CWE": "CWE-276",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-24301",
"Impact": "Low",
"Public": "20220202"
},
{
"ID": "CVE-2022-35978",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",