
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20142246",
"Version": "oval:org.altlinux.errata:def:20142246",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2014-2246: package `edk2` update to version 20140722svn2674-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2014-2246",
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-2246",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-05454",
"RefURL": "https://bdu.fstec.ru/vul/2021-05454",
"Source": "BDU"
},
{
"RefID": "BDU:2022-00267",
"RefURL": "https://bdu.fstec.ru/vul/2022-00267",
"Source": "BDU"
},
{
"RefID": "BDU:2022-06898",
"RefURL": "https://bdu.fstec.ru/vul/2022-06898",
"Source": "BDU"
},
{
"RefID": "CVE-2017-5731",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-5731",
"Source": "CVE"
},
{
"RefID": "CVE-2019-14584",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2019-14584",
"Source": "CVE"
},
{
"RefID": "CVE-2021-28210",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-28210",
"Source": "CVE"
},
{
"RefID": "CVE-2021-38575",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-38575",
"Source": "CVE"
},
{
"RefID": "CVE-2021-38578",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-38578",
"Source": "CVE"
}
],
"Description": "This update upgrades edk2 to version 20140722svn2674-alt1. \nSecurity Fix(es):\n\n * BDU:2021-05454: Уязвимость функции IScsiHexToBin библиотеки Tianocore edk2, позволяющая нарушителю раскрыть защищаемую информацию, оказать воздействие на целостность данных или вызвать отказ в обслуживании\n\n * BDU:2022-00267: Уязвимость среды с открытым исходным кодом для разработки UEFI edk2, связанная с ошибками разыменования указателя, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * BDU:2022-06898: Уязвимость среды с открытым исходным кодом для разработки UEFI EDK2, связанная с неконтролируемой рекурсией, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании\n\n * CVE-2017-5731: Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.\n\n * CVE-2019-14584: Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n * CVE-2021-28210: An unlimited recursion in DxeCore in EDK II.\n\n * CVE-2021-38575: NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.\n\n * CVE-2021-38578: Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.\n\n",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2014-10-06"
},
"Updated": {
"Date": "2014-10-06"
},
"BDUs": [
{
"ID": "BDU:2021-05454",
"CVSS": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2021-05454",
"Impact": "High",
"Public": "20210608"
},
{
"ID": "BDU:2022-00267",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-476",
"Href": "https://bdu.fstec.ru/vul/2022-00267",
"Impact": "High",
"Public": "20201213"
},
{
"ID": "BDU:2022-06898",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-674",
"Href": "https://bdu.fstec.ru/vul/2022-06898",
"Impact": "High",
"Public": "20190423"
}
],
"CVEs": [
{
"ID": "CVE-2017-5731",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-5731",
"Impact": "High",
"Public": "20191028"
},
{
"ID": "CVE-2019-14584",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-476",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2019-14584",
"Impact": "High",
"Public": "20210603"
},
{
"ID": "CVE-2021-28210",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-28210",
"Impact": "High",
"Public": "20210611"
},
{
"ID": "CVE-2021-38575",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-38575",
"Impact": "High",
"Public": "20211201"
},
{
"ID": "CVE-2021-38578",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-38578",
"Impact": "Critical",
"Public": "20220303"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9",
"cpe:/o:alt:kworkstation:9.1",
"cpe:/o:alt:workstation:9.1",
"cpe:/o:alt:server:9.1",
"cpe:/o:alt:server-v:9.1",
"cpe:/o:alt:education:9.1",
"cpe:/o:alt:slinux:9.1",
"cpe:/o:alt:starterkit:9.1",
"cpe:/o:alt:kworkstation:9.2",
"cpe:/o:alt:workstation:9.2",
"cpe:/o:alt:server:9.2",
"cpe:/o:alt:server-v:9.2",
"cpe:/o:alt:education:9.2",
"cpe:/o:alt:slinux:9.2",
"cpe:/o:alt:starterkit:9.2"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20142246001",
"Comment": "edk2-tools is earlier than 0:20140722svn2674-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142246002",
"Comment": "edk2-tools-doc is earlier than 0:20140722svn2674-alt1"
}
]
}
]
}
}
]
}