ALT Vulnerability

oval/c10f1/ALT-PU-2016-2218/definitions.json

@@ -160,6 +160,7 @@
               "ID": "CVE-2019-3901",
               "CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
               "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+              "CWE": "CWE-667",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3901",
               "Impact": "Low",
               "Public": "20190422"

oval/c10f1/ALT-PU-2017-1330/definitions.json

@@ -1661,6 +1661,7 @@
               "ID": "CVE-2019-3901",
               "CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
               "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+              "CWE": "CWE-667",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3901",
               "Impact": "Low",
               "Public": "20190422"

oval/c10f1/ALT-PU-2019-1761/definitions.json

@@ -62,6 +62,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/c10f1/ALT-PU-2019-1765/definitions.json

@@ -132,6 +132,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/c10f1/ALT-PU-2019-1766/definitions.json

@@ -62,6 +62,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/c10f1/ALT-PU-2019-1767/definitions.json

@@ -272,6 +272,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/c10f1/ALT-PU-2019-2213/definitions.json

@@ -249,6 +249,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/c10f1/ALT-PU-2019-2940/definitions.json

@@ -47,6 +47,7 @@
               "ID": "CVE-2019-14823",
               "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+              "CWE": "CWE-358",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14823",
               "Impact": "High",
               "Public": "20191014"

oval/c10f1/ALT-PU-2024-10859/definitions.json

@@ -85,7 +85,7 @@
             "Source": "CVE"
           }
         ],
-        "Description": "This update upgrades openvpn to version 2.6.12-alt1. \nSecurity Fix(es):\n\n * BDU:2024-02574: Уязвимость программного обеспечения OpenVPN, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-02585: Уязвимость опции --fragment программного обеспечения OpenVPN, связанная с ошибками при делении на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-05533: Уязвимость компонента Plug-in Handler программного обеспечения OpenVPN, позволяющая нарушителю загружать произвольные модули\n\n * CVE-2023-46849: Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.\n\n * CVE-2023-46850: Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.\n\n * CVE-2023-7235: The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.\n\n * CVE-2024-24974: The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.\n\n * CVE-2024-27459: The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.\n\n * CVE-2024-27903: OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.\n\n * CVE-2024-28882: OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session\n\n * CVE-2024-4877: description unavailable\n\n * CVE-2024-5594: description unavailable\n\n * #46933: Версия 2.6.5",
+        "Description": "This update upgrades openvpn to version 2.6.12-alt1. \nSecurity Fix(es):\n\n * BDU:2024-02574: Уязвимость программного обеспечения OpenVPN, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-02585: Уязвимость опции --fragment программного обеспечения OpenVPN, связанная с ошибками при делении на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-05533: Уязвимость компонента Plug-in Handler программного обеспечения OpenVPN, позволяющая нарушителю загружать произвольные модули\n\n * CVE-2023-46849: Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.\n\n * CVE-2023-46850: Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.\n\n * CVE-2023-7235: The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.\n\n * CVE-2024-24974: The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.\n\n * CVE-2024-27459: The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.\n\n * CVE-2024-27903: OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.\n\n * CVE-2024-28882: OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session\n\n * CVE-2024-4877: description unavailable\n\n * CVE-2024-5594: OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins.\n\n * #46933: Версия 2.6.5",
         "Advisory": {
           "From": "errata.altlinux.org",
           "Severity": "Critical",
@@ -177,6 +177,12 @@
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-28882",
               "Impact": "None",
               "Public": "20240708"
+            },
+            {
+              "ID": "CVE-2024-5594",
+              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5594",
+              "Impact": "None",
+              "Public": "20250106"
             }
           ],
           "Bugzilla": [

oval/c9f2/ALT-PU-2016-2218/definitions.json

@@ -160,6 +160,7 @@
               "ID": "CVE-2019-3901",
               "CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
               "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+              "CWE": "CWE-667",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3901",
               "Impact": "Low",
               "Public": "20190422"

oval/c9f2/ALT-PU-2017-1330/definitions.json

@@ -1661,6 +1661,7 @@
               "ID": "CVE-2019-3901",
               "CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
               "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+              "CWE": "CWE-667",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3901",
               "Impact": "Low",
               "Public": "20190422"

oval/c9f2/ALT-PU-2019-1761/definitions.json

@@ -62,6 +62,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/c9f2/ALT-PU-2019-1765/definitions.json

@@ -132,6 +132,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/c9f2/ALT-PU-2019-1766/definitions.json

@@ -62,6 +62,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/c9f2/ALT-PU-2019-1767/definitions.json

@@ -272,6 +272,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/c9f2/ALT-PU-2019-2234/definitions.json

@@ -249,6 +249,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/c9f2/ALT-PU-2019-3187/definitions.json

@@ -47,6 +47,7 @@
               "ID": "CVE-2019-14823",
               "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+              "CWE": "CWE-358",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14823",
               "Impact": "High",
               "Public": "20191014"

oval/p10/ALT-PU-2016-2218/definitions.json

@@ -166,6 +166,7 @@
               "ID": "CVE-2019-3901",
               "CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
               "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+              "CWE": "CWE-667",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3901",
               "Impact": "Low",
               "Public": "20190422"

oval/p10/ALT-PU-2017-1330/definitions.json

@@ -1667,6 +1667,7 @@
               "ID": "CVE-2019-3901",
               "CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
               "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+              "CWE": "CWE-667",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3901",
               "Impact": "Low",
               "Public": "20190422"

oval/p10/ALT-PU-2019-1761/definitions.json

@@ -68,6 +68,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/p10/ALT-PU-2019-1765/definitions.json

@@ -138,6 +138,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/p10/ALT-PU-2019-1766/definitions.json

@@ -68,6 +68,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/p10/ALT-PU-2019-1767/definitions.json

@@ -278,6 +278,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/p10/ALT-PU-2019-2213/definitions.json

@@ -255,6 +255,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/p10/ALT-PU-2019-2940/definitions.json

@@ -53,6 +53,7 @@
               "ID": "CVE-2019-14823",
               "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+              "CWE": "CWE-358",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14823",
               "Impact": "High",
               "Public": "20191014"

oval/p10/ALT-PU-2024-10885/definitions.json

@@ -91,7 +91,7 @@
             "Source": "CVE"
           }
         ],
-        "Description": "This update upgrades openvpn to version 2.6.12-alt1. \nSecurity Fix(es):\n\n * BDU:2024-02574: Уязвимость программного обеспечения OpenVPN, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-02585: Уязвимость опции --fragment программного обеспечения OpenVPN, связанная с ошибками при делении на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-05533: Уязвимость компонента Plug-in Handler программного обеспечения OpenVPN, позволяющая нарушителю загружать произвольные модули\n\n * CVE-2023-46849: Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.\n\n * CVE-2023-46850: Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.\n\n * CVE-2023-7235: The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.\n\n * CVE-2024-24974: The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.\n\n * CVE-2024-27459: The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.\n\n * CVE-2024-27903: OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.\n\n * CVE-2024-28882: OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session\n\n * CVE-2024-4877: description unavailable\n\n * CVE-2024-5594: description unavailable\n\n * #46933: Версия 2.6.5",
+        "Description": "This update upgrades openvpn to version 2.6.12-alt1. \nSecurity Fix(es):\n\n * BDU:2024-02574: Уязвимость программного обеспечения OpenVPN, связанная с использованием памяти после её освобождения, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-02585: Уязвимость опции --fragment программного обеспечения OpenVPN, связанная с ошибками при делении на ноль, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2024-05533: Уязвимость компонента Plug-in Handler программного обеспечения OpenVPN, позволяющая нарушителю загружать произвольные модули\n\n * CVE-2023-46849: Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.\n\n * CVE-2023-46850: Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.\n\n * CVE-2023-7235: The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.\n\n * CVE-2024-24974: The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service.\n\n * CVE-2024-27459: The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges.\n\n * CVE-2024-27903: OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.\n\n * CVE-2024-28882: OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session\n\n * CVE-2024-4877: description unavailable\n\n * CVE-2024-5594: OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins.\n\n * #46933: Версия 2.6.5",
         "Advisory": {
           "From": "errata.altlinux.org",
           "Severity": "Critical",
@@ -183,6 +183,12 @@
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-28882",
               "Impact": "None",
               "Public": "20240708"
+            },
+            {
+              "ID": "CVE-2024-5594",
+              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5594",
+              "Impact": "None",
+              "Public": "20250106"
             }
           ],
           "Bugzilla": [

oval/p11/ALT-PU-2016-2218/definitions.json

@@ -159,6 +159,7 @@
               "ID": "CVE-2019-3901",
               "CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
               "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+              "CWE": "CWE-667",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3901",
               "Impact": "Low",
               "Public": "20190422"

oval/p11/ALT-PU-2017-1330/definitions.json

@@ -1660,6 +1660,7 @@
               "ID": "CVE-2019-3901",
               "CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
               "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+              "CWE": "CWE-667",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3901",
               "Impact": "Low",
               "Public": "20190422"

oval/p11/ALT-PU-2019-1761/definitions.json

@@ -61,6 +61,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/p11/ALT-PU-2019-1765/definitions.json

@@ -131,6 +131,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/p11/ALT-PU-2019-1766/definitions.json

@@ -61,6 +61,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/p11/ALT-PU-2019-1767/definitions.json

@@ -271,6 +271,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/p11/ALT-PU-2019-2213/definitions.json

@@ -248,6 +248,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/p11/ALT-PU-2019-2940/definitions.json

@@ -46,6 +46,7 @@
               "ID": "CVE-2019-14823",
               "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+              "CWE": "CWE-358",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14823",
               "Impact": "High",
               "Public": "20191014"

oval/p11/ALT-PU-2024-10642/definitions.json

@@ -39,7 +39,7 @@
             "Source": "CVE"
           }
         ],
-        "Description": "This update upgrades openvpn to version 2.6.12-alt1. \nSecurity Fix(es):\n\n * CVE-2024-28882: OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session\n\n * CVE-2024-4877: description unavailable\n\n * CVE-2024-5594: description unavailable",
+        "Description": "This update upgrades openvpn to version 2.6.12-alt1. \nSecurity Fix(es):\n\n * CVE-2024-28882: OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session\n\n * CVE-2024-4877: description unavailable\n\n * CVE-2024-5594: OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins.",
         "Advisory": {
           "From": "errata.altlinux.org",
           "Severity": "Low",
@@ -57,6 +57,12 @@
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-28882",
               "Impact": "None",
               "Public": "20240708"
+            },
+            {
+              "ID": "CVE-2024-5594",
+              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5594",
+              "Impact": "None",
+              "Public": "20250106"
             }
           ],
           "AffectedCPEs": {

oval/p9/ALT-PU-2016-2218/definitions.json

@@ -165,6 +165,7 @@
               "ID": "CVE-2019-3901",
               "CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
               "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+              "CWE": "CWE-667",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3901",
               "Impact": "Low",
               "Public": "20190422"

oval/p9/ALT-PU-2017-1330/definitions.json

@@ -1666,6 +1666,7 @@
               "ID": "CVE-2019-3901",
               "CVSS": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
               "CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+              "CWE": "CWE-667",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3901",
               "Impact": "Low",
               "Public": "20190422"

oval/p9/ALT-PU-2019-1761/definitions.json

@@ -67,6 +67,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/p9/ALT-PU-2019-1765/definitions.json

@@ -137,6 +137,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/p9/ALT-PU-2019-1766/definitions.json

@@ -67,6 +67,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/p9/ALT-PU-2019-1767/definitions.json

@@ -277,6 +277,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/p9/ALT-PU-2019-2234/definitions.json

@@ -254,6 +254,7 @@
               "ID": "CVE-2019-3882",
               "CVSS": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
               "CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+              "CWE": "CWE-770",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-3882",
               "Impact": "Low",
               "Public": "20190424"

oval/p9/ALT-PU-2019-3187/definitions.json

@@ -52,6 +52,7 @@
               "ID": "CVE-2019-14823",
               "CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               "CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+              "CWE": "CWE-358",
               "Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14823",
               "Impact": "High",
               "Public": "20191014"