vuln-list-alt/oval/p11/ALT-PU-2023-4590/definitions.json
2024-12-12 21:07:30 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20234590",
"Version": "oval:org.altlinux.errata:def:20234590",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-4590: package `dotnet-bootstrap-6.0` update to version 6.0.20-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-4590",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-4590",
"Source": "ALTPU"
},
{
"RefID": "BDU:2023-02907",
"RefURL": "https://bdu.fstec.ru/vul/2023-02907",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03210",
"RefURL": "https://bdu.fstec.ru/vul/2023-03210",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03308",
"RefURL": "https://bdu.fstec.ru/vul/2023-03308",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03339",
"RefURL": "https://bdu.fstec.ru/vul/2023-03339",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03439",
"RefURL": "https://bdu.fstec.ru/vul/2023-03439",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03440",
"RefURL": "https://bdu.fstec.ru/vul/2023-03440",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03531",
"RefURL": "https://bdu.fstec.ru/vul/2023-03531",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03789",
"RefURL": "https://bdu.fstec.ru/vul/2023-03789",
"Source": "BDU"
},
{
"RefID": "BDU:2023-03790",
"RefURL": "https://bdu.fstec.ru/vul/2023-03790",
"Source": "BDU"
},
{
"RefID": "CVE-2023-24895",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-24895",
"Source": "CVE"
},
{
"RefID": "CVE-2023-24897",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-24897",
"Source": "CVE"
},
{
"RefID": "CVE-2023-24936",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-24936",
"Source": "CVE"
},
{
"RefID": "CVE-2023-28260",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-28260",
"Source": "CVE"
},
{
"RefID": "CVE-2023-29331",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-29331",
"Source": "CVE"
},
{
"RefID": "CVE-2023-29337",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-29337",
"Source": "CVE"
},
{
"RefID": "CVE-2023-33126",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-33126",
"Source": "CVE"
},
{
"RefID": "CVE-2023-33127",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-33127",
"Source": "CVE"
},
{
"RefID": "CVE-2023-33128",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-33128",
"Source": "CVE"
},
{
"RefID": "CVE-2023-33135",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-33135",
"Source": "CVE"
},
{
"RefID": "CVE-2023-33170",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2023-33170",
"Source": "CVE"
}
],
"Description": "This update upgrades dotnet-bootstrap-6.0 to version 6.0.20-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02907: Уязвимость программной платформы Microsoft .NET, связанная с некорректной обработкой пути поиска к библиотекам DLL,позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-03210: Уязвимость программных платформ Microsoft .NET Framework, .NET и средства разработки программного обеспечения Microsoft Visual Studio, связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-03308: Уязвимость программных платформ Microsoft .NET Framework, .NET и средства разработки программного обеспечения Microsoft Visual Studio, связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-03339: Уязвимость средства разработки программного обеспечения Microsoft Visual Studio и программной платформы Microsoft.NET, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2023-03439: Уязвимость программных платформ Microsoft .NET Framework, .NET и средства разработки программного обеспечения Microsoft Visual Studio, связанная с недостаточной проверкой входных данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2023-03440: Уязвимость программных платформ Microsoft .NET Framework, .NET и средства разработки программного обеспечения Microsoft Visual Studio, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2023-03531: Уязвимость средства разработки программного обеспечения Microsoft Visual Studio и программной платформы Microsoft.NET, связанная с недостаточной проверкой входных данных, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-03789: Уязвимость программной платформы .NET и средства разработки программного обеспечения Microsoft Visual Studio, вызванная ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю обойти существующие 
ограничения безопасности\n\n * BDU:2023-03790: Уязвимость программной платформы .NET и средства разработки программного обеспечения Microsoft Visual Studio, вызванная ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю повысить свои привилегии\n\n * CVE-2023-24895: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability\n\n * CVE-2023-24897: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability\n\n * CVE-2023-24936: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability\n\n * CVE-2023-28260: .NET DLL Hijacking Remote Code Execution Vulnerability\n\n * CVE-2023-29331: .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability\n\n * CVE-2023-29337: NuGet Client Remote Code Execution Vulnerability\n\n * CVE-2023-33126: .NET and Visual Studio Remote Code Execution Vulnerability\n\n * CVE-2023-33127: .NET and Visual Studio Elevation of Privilege Vulnerability\n\n * CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability\n\n * CVE-2023-33135: .NET and Visual Studio Elevation of Privilege Vulnerability\n\n * CVE-2023-33170: ASP.NET and Visual Studio Security Feature Bypass Vulnerability",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-07-28"
},
"Updated": {
"Date": "2023-07-28"
},
"BDUs": [
{
"ID": "BDU:2023-02907",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-427",
"Href": "https://bdu.fstec.ru/vul/2023-02907",
"Impact": "High",
"Public": "20230411"
},
{
"ID": "BDU:2023-03210",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2023-03210",
"Impact": "High",
"Public": "20230613"
},
{
"ID": "BDU:2023-03308",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2023-03308",
"Impact": "High",
"Public": "20230613"
},
{
"ID": "BDU:2023-03339",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2023-03339",
"Impact": "High",
"Public": "20230613"
},
{
"ID": "BDU:2023-03439",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2023-03439",
"Impact": "Low",
"Public": "20230613"
},
{
"ID": "BDU:2023-03440",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2023-03440",
"Impact": "High",
"Public": "20230613"
},
{
"ID": "BDU:2023-03531",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2023-03531",
"Impact": "High",
"Public": "20230613"
},
{
"ID": "BDU:2023-03789",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2023-03789",
"Impact": "High",
"Public": "20230711"
},
{
"ID": "BDU:2023-03790",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://bdu.fstec.ru/vul/2023-03790",
"Impact": "High",
"Public": "20230711"
}
],
"CVEs": [
{
"ID": "CVE-2023-24895",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-24895",
"Impact": "None",
"Public": "20230614"
},
{
"ID": "CVE-2023-24897",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-24897",
"Impact": "None",
"Public": "20230614"
},
{
"ID": "CVE-2023-24936",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-24936",
"Impact": "None",
"Public": "20230614"
},
{
"ID": "CVE-2023-28260",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-28260",
"Impact": "None",
"Public": "20230411"
},
{
"ID": "CVE-2023-29331",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-29331",
"Impact": "None",
"Public": "20230614"
},
{
"ID": "CVE-2023-29337",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-29337",
"Impact": "None",
"Public": "20230614"
},
{
"ID": "CVE-2023-33126",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-33126",
"Impact": "None",
"Public": "20230614"
},
{
"ID": "CVE-2023-33127",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-33127",
"Impact": "None",
"Public": "20230711"
},
{
"ID": "CVE-2023-33128",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-33128",
"Impact": "None",
"Public": "20230614"
},
{
"ID": "CVE-2023-33135",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-33135",
"Impact": "High",
"Public": "20230614"
},
{
"ID": "CVE-2023-33170",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2023-33170",
"Impact": "None",
"Public": "20230711"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20234590001",
"Comment": "dotnet-bootstrap-6.0 is earlier than 0:6.0.20-alt1"
}
]
}
]
}
}
]
}