vuln-list-alt/oval/p11/ALT-PU-2020-1971/definitions.json
2024-12-12 21:07:30 +00:00


{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20201971",
"Version": "oval:org.altlinux.errata:def:20201971",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-1971: package `edk2-tools` update to version 20200229-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p11"
],
"Products": [
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-1971",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-1971",
"Source": "ALTPU"
},
{
"RefID": "BDU:2020-04779",
"RefURL": "https://bdu.fstec.ru/vul/2020-04779",
"Source": "BDU"
},
{
"RefID": "CVE-2019-14558",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14558",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14559",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14559",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14563",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14563",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14575",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14575",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14586",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14586",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14587",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14587",
"Source": "CVE"
}
],
"Description": "This update upgrades edk2-tools to version 20200229-alt1. \nSecurity Fix(es):\n\n * BDU:2020-04779: Уязвимость микропрограммного обеспечения BIOS процессоров Intel, связанная с ошибками управления привилегиями, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2019-14558: Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 \u0026 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.\n\n * CVE-2019-14559: Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.\n\n * CVE-2019-14563: Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n * CVE-2019-14575: Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n * CVE-2019-14586: Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.\n\n * CVE-2019-14587: Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-05-16"
},
"Updated": {
"Date": "2020-05-16"
},
"BDUs": [
{
"ID": "BDU:2020-04779",
"CVSS": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2020-04779",
"Impact": "Low",
"Public": "20200908"
}
],
"CVEs": [
{
"ID": "CVE-2019-14558",
"CVSS": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14558",
"Impact": "Low",
"Public": "20201005"
},
{
"ID": "CVE-2019-14559",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-401",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14559",
"Impact": "High",
"Public": "20201123"
},
{
"ID": "CVE-2019-14563",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14563",
"Impact": "High",
"Public": "20201123"
},
{
"ID": "CVE-2019-14575",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14575",
"Impact": "High",
"Public": "20201123"
},
{
"ID": "CVE-2019-14586",
"CVSS": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14586",
"Impact": "High",
"Public": "20201123"
},
{
"ID": "CVE-2019-14587",
"CVSS": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14587",
"Impact": "Low",
"Public": "20201123"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:container:11"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20201971001",
"Comment": "edk2-tools is earlier than 0:20200229-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20201971002",
"Comment": "edk2-tools-doc is earlier than 0:20200229-alt1"
}
]
}
]
}
}
]
}