ALT Vulnerability

2024-12-21 09:05:32 +00:00 · 2024-12-21 09:05:32 +00:00 · 8776aa6d44
commit 8776aa6d44
parent f40c519964
15 changed files with 113 additions and 39 deletions
--- a/oval/c10f1/ALT-PU-2024-14830/definitions.json
+++ b/oval/c10f1/ALT-PU-2024-14830/definitions.json
@ -8609,8 +8609,10 @@
            },
            {
              "ID": "CVE-2024-2887",
+              "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
+              "CWE": "CWE-843",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-2887",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240326"
            },
            {
@ -8871,20 +8873,26 @@
            },
            {
              "ID": "CVE-2024-4331",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4331",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
              "ID": "CVE-2024-4368",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4368",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
              "ID": "CVE-2024-4558",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
-              "Impact": "None",
+              "Impact": "Critical",
              "Public": "20240507"
            },
            {
@ -8969,8 +8977,10 @@
            },
            {
              "ID": "CVE-2024-5160",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-787",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5160",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240522"
            },
            {
--- a/oval/c10f1/ALT-PU-2024-15575/definitions.json
+++ b/oval/c10f1/ALT-PU-2024-15575/definitions.json
@ -521,20 +521,26 @@
            },
            {
              "ID": "CVE-2024-4331",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4331",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
              "ID": "CVE-2024-4368",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4368",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
              "ID": "CVE-2024-4558",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
-              "Impact": "None",
+              "Impact": "Critical",
              "Public": "20240507"
            },
            {
--- a/oval/c9f2/ALT-PU-2024-10427/definitions.json
+++ b/oval/c9f2/ALT-PU-2024-10427/definitions.json
@ -179,14 +179,18 @@
            },
            {
              "ID": "CVE-2024-4331",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4331",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
              "ID": "CVE-2024-4368",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4368",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
--- a/oval/c9f2/ALT-PU-2024-14996/definitions.json
+++ b/oval/c9f2/ALT-PU-2024-14996/definitions.json
@ -383,8 +383,10 @@
          "CVEs": [
            {
              "ID": "CVE-2024-4558",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
-              "Impact": "None",
+              "Impact": "Critical",
              "Public": "20240507"
            },
            {
--- a/oval/p10/ALT-PU-2024-10294/definitions.json
+++ b/oval/p10/ALT-PU-2024-10294/definitions.json
@ -3514,8 +3514,10 @@
            },
            {
              "ID": "CVE-2024-2887",
+              "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
+              "CWE": "CWE-843",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-2887",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240326"
            },
            {
@ -3760,20 +3762,26 @@
            },
            {
              "ID": "CVE-2024-4331",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4331",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
              "ID": "CVE-2024-4368",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4368",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
              "ID": "CVE-2024-4558",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
-              "Impact": "None",
+              "Impact": "Critical",
              "Public": "20240507"
            },
            {
@ -3858,8 +3866,10 @@
            },
            {
              "ID": "CVE-2024-5160",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-787",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5160",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240522"
            },
            {
--- a/oval/p10/ALT-PU-2024-14286/definitions.json
+++ b/oval/p10/ALT-PU-2024-14286/definitions.json
@ -7782,8 +7782,10 @@
            },
            {
              "ID": "CVE-2024-2887",
+              "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
+              "CWE": "CWE-843",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-2887",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240326"
            },
            {
@ -8044,20 +8046,26 @@
            },
            {
              "ID": "CVE-2024-4331",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4331",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
              "ID": "CVE-2024-4368",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4368",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
              "ID": "CVE-2024-4558",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
-              "Impact": "None",
+              "Impact": "Critical",
              "Public": "20240507"
            },
            {
@ -8142,8 +8150,10 @@
            },
            {
              "ID": "CVE-2024-5160",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-787",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5160",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240522"
            },
            {
--- a/oval/p10/ALT-PU-2024-15041/definitions.json
+++ b/oval/p10/ALT-PU-2024-15041/definitions.json
@ -527,20 +527,26 @@
            },
            {
              "ID": "CVE-2024-4331",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4331",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
              "ID": "CVE-2024-4368",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4368",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
              "ID": "CVE-2024-4558",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
-              "Impact": "None",
+              "Impact": "Critical",
              "Public": "20240507"
            },
            {
--- a/oval/p11/ALT-PU-2024-10425/definitions.json
+++ b/oval/p11/ALT-PU-2024-10425/definitions.json
@ -178,14 +178,18 @@
            },
            {
              "ID": "CVE-2024-4331",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4331",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
              "ID": "CVE-2024-4368",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4368",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
--- a/oval/p11/ALT-PU-2024-11865/definitions.json
+++ b/oval/p11/ALT-PU-2024-11865/definitions.json
@ -325,20 +325,26 @@
          "CVEs": [
            {
              "ID": "CVE-2024-4331",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4331",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
              "ID": "CVE-2024-4368",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4368",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
              "ID": "CVE-2024-4558",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
-              "Impact": "None",
+              "Impact": "Critical",
              "Public": "20240507"
            },
            {
@ -423,8 +429,10 @@
            },
            {
              "ID": "CVE-2024-5160",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-787",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5160",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240522"
            },
            {
--- a/oval/p11/ALT-PU-2024-14994/definitions.json
+++ b/oval/p11/ALT-PU-2024-14994/definitions.json
@ -382,8 +382,10 @@
          "CVEs": [
            {
              "ID": "CVE-2024-4558",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
-              "Impact": "None",
+              "Impact": "Critical",
              "Public": "20240507"
            },
            {
--- a/oval/p11/ALT-PU-2024-4642/definitions.json
+++ b/oval/p11/ALT-PU-2024-4642/definitions.json
@ -83,8 +83,10 @@
            },
            {
              "ID": "CVE-2024-2887",
+              "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
+              "CWE": "CWE-843",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-2887",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240326"
            }
          ],
--- a/oval/p11/ALT-PU-2024-7309/definitions.json
+++ b/oval/p11/ALT-PU-2024-7309/definitions.json
@ -762,8 +762,10 @@
            },
            {
              "ID": "CVE-2024-2887",
+              "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
+              "CWE": "CWE-843",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-2887",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240326"
            },
            {
--- a/oval/p11/ALT-PU-2024-7311/definitions.json
+++ b/oval/p11/ALT-PU-2024-7311/definitions.json
@ -37,7 +37,7 @@
        "Description": "This update upgrades chromium to version 124.0.6367.118-alt1. \nSecurity Fix(es):\n\n * CVE-2024-4331: Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2024-4368: Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
        "Advisory": {
          "From": "errata.altlinux.org",
-          "Severity": "Low",
+          "Severity": "High",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2024-05-02"
@ -49,14 +49,18 @@
          "CVEs": [
            {
              "ID": "CVE-2024-4331",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4331",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            },
            {
              "ID": "CVE-2024-4368",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4368",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240501"
            }
          ],
--- a/oval/p11/ALT-PU-2024-7633/definitions.json
+++ b/oval/p11/ALT-PU-2024-7633/definitions.json
@ -37,7 +37,7 @@
        "Description": "This update upgrades chromium to version 124.0.6367.155-alt1. \nSecurity Fix(es):\n\n * CVE-2024-4558: Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n * CVE-2024-4559: Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
        "Advisory": {
          "From": "errata.altlinux.org",
-          "Severity": "Low",
+          "Severity": "Critical",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2024-05-10"
@ -49,8 +49,10 @@
          "CVEs": [
            {
              "ID": "CVE-2024-4558",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+              "CWE": "CWE-416",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-4558",
-              "Impact": "None",
+              "Impact": "Critical",
              "Public": "20240507"
            },
            {
--- a/oval/p11/ALT-PU-2024-8361/definitions.json
+++ b/oval/p11/ALT-PU-2024-8361/definitions.json
@ -316,8 +316,10 @@
            },
            {
              "ID": "CVE-2024-5160",
+              "CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+              "CWE": "CWE-787",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5160",
-              "Impact": "None",
+              "Impact": "High",
              "Public": "20240522"
            },
            {