pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d5472b7d22
vuln-list-alt/oval/p10/ALT-PU-2018-1696/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

678 lines
40 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20181696",
"Version": "oval:org.altlinux.errata:def:20181696",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2018-1696: package `blender` update to version 2.79b-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p10"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit",
"ALT Container"
]
}
],
"References": [
{
"RefID": "ALT-PU-2018-1696",
"RefURL": "https://errata.altlinux.org/ALT-PU-2018-1696",
"Source": "ALTPU"
},
{
"RefID": "BDU:2019-00507",
"RefURL": "https://bdu.fstec.ru/vul/2019-00507",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04047",
"RefURL": "https://bdu.fstec.ru/vul/2019-04047",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04048",
"RefURL": "https://bdu.fstec.ru/vul/2019-04048",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04049",
"RefURL": "https://bdu.fstec.ru/vul/2019-04049",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04050",
"RefURL": "https://bdu.fstec.ru/vul/2019-04050",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04051",
"RefURL": "https://bdu.fstec.ru/vul/2019-04051",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04052",
"RefURL": "https://bdu.fstec.ru/vul/2019-04052",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04053",
"RefURL": "https://bdu.fstec.ru/vul/2019-04053",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04054",
"RefURL": "https://bdu.fstec.ru/vul/2019-04054",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04055",
"RefURL": "https://bdu.fstec.ru/vul/2019-04055",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04162",
"RefURL": "https://bdu.fstec.ru/vul/2019-04162",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04163",
"RefURL": "https://bdu.fstec.ru/vul/2019-04163",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04164",
"RefURL": "https://bdu.fstec.ru/vul/2019-04164",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04165",
"RefURL": "https://bdu.fstec.ru/vul/2019-04165",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04166",
"RefURL": "https://bdu.fstec.ru/vul/2019-04166",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04167",
"RefURL": "https://bdu.fstec.ru/vul/2019-04167",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04168",
"RefURL": "https://bdu.fstec.ru/vul/2019-04168",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04169",
"RefURL": "https://bdu.fstec.ru/vul/2019-04169",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04170",
"RefURL": "https://bdu.fstec.ru/vul/2019-04170",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04171",
"RefURL": "https://bdu.fstec.ru/vul/2019-04171",
"Source": "BDU"
},
{
"RefID": "BDU:2019-04172",
"RefURL": "https://bdu.fstec.ru/vul/2019-04172",
"Source": "BDU"
},
{
"RefID": "CVE-2017-12081",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12081",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12082",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12082",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12086",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12086",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12099",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12099",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12100",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12100",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12101",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12101",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12102",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12102",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12103",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12103",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12104",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12104",
"Source": "CVE"
},
{
"RefID": "CVE-2017-12105",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-12105",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2899",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2899",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2900",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2900",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2901",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2901",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2902",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2902",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2903",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2903",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2904",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2904",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2905",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2905",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2906",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2906",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2907",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2907",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2908",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2908",
"Source": "CVE"
},
{
"RefID": "CVE-2017-2918",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-2918",
"Source": "CVE"
}
],
"Description": "This update upgrades blender to version 2.79b-alt1. \nSecurity Fix(es):\n\n * BDU:2019-00507: Уязвимость набора программного обеспечения для создания трехмерной компьютерной графики Blender, связанная с целочисленным переполнением при обработке .blend-файла, позволяющая нарушителю выполнить код в контексте приложения\n\n * BDU:2019-04047: Уязвимость компонента Mesh набора программного обеспечения для создания трехмерной компьютерной графики Blender, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04048: Уязвимость компонента CustomData набора программного обеспечения для создания трехмерной компьютерной графики Blender, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04049: Уязвимость компонента BKE_mesh_calc_normals_tessface набора программного обеспечения для создания трехмерной компьютерной графики Blender, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04050: Уязвимость компонента tface набора программного обеспечения для создания трехмерной компьютерной графики Blender, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04051: Уязвимость компонента multires_load_old_dm набора программного обеспечения для создания трехмерной компьютерной графики Blender, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04052: Уязвимость компонента modifier_mdef_compact_influences набора программного обеспечения для создания трехмерной компьютерной графики Blender, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04053: Уязвимость набора программного обеспечения для создания трехмерной компьютерной графики Blender, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04054: Уязвимость компонента Particle набора программного обеспечения для создания трехмерной компьютерной графики Blender, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04055: Уязвимость компонента Mesh набора программного обеспечения для создания трехмерной компьютерной графики Blender, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04162: Уязвимость набора программного обеспечения для создания трехмерной компьютерной графики Blender, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04163: Уязвимость набора программного обеспечения для создания трехмерной компьютерной графики Blender, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04164: Уязвимость набора программного обеспечения для создания трехмерной компьютерной графики Blender, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04165: Уязвимость модуля DPX набора программного обеспечения для создания трехмерной компьютерной графики Blender, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04166: Уязвимость модуля DPX набора программного обеспечения для создания трехмерной компьютерной графики Blender, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04167: Уязвимость модуля RADIANCE набора программного обеспечения для создания трехмерной компьютерной графики Blender, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04168: Уязвимость набора программного обеспечения для создания трехмерной компьютерной графики Blender, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04169: Уязвимость функции воспроизведения анимации набора программного обеспечения для создания трехмерной компьютерной графики Blender, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04170: Уязвимость функции воспроизведения анимации набора программного обеспечения для создания трехмерной компьютерной графики Blender, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04171: Уязвимость набора программного обеспечения для создания трехмерной компьютерной графики Blender, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-04172: Уязвимость модуля загрузки изображений набора программного обеспечения для создания трехмерной компьютерной графики Blender, вызванная целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2017-12081: An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.\n\n * CVE-2017-12082: An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability.\n\n * CVE-2017-12086: An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.\n\n * CVE-2017-12099: An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.\n\n * CVE-2017-12100: An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.\n\n * CVE-2017-12101: An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability.\n\n * CVE-2017-12102: An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.\n\n * CVE-2017-12103: An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.\n\n * CVE-2017-12104: An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.\n\n * CVE-2017-12105: An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability.\n\n * CVE-2017-2899: An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.\n\n * CVE-2017-2900: An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.\n\n * CVE-2017-2901: An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.\n\n * CVE-2017-2902: An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.\n\n * CVE-2017-2903: An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.\n\n * CVE-2017-2904: An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.\n\n * CVE-2017-2905: An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.\n\n * CVE-2017-2906: An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.\n\n * CVE-2017-2907: An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability.\n\n * CVE-2017-2908: An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File-\u003eOpen dialog.\n\n * CVE-2017-2918: An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2018-05-11"
},
"Updated": {
"Date": "2018-05-11"
},
"BDUs": [
{
"ID": "BDU:2019-00507",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-00507",
"Impact": "High",
"Public": "20180111"
},
{
"ID": "BDU:2019-04047",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04047",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04048",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04048",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04049",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04049",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04050",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04050",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04051",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04051",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04052",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04052",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04053",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04053",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04054",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04054",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04055",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04055",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04162",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04162",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04163",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04163",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04164",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04164",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04165",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-120",
"Href": "https://bdu.fstec.ru/vul/2019-04165",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04166",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04166",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04167",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04167",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04168",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04168",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04169",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04169",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04170",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04170",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04171",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04171",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "BDU:2019-04172",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-04172",
"Impact": "High",
"Public": "20180424"
}
],
"CVEs": [
{
"ID": "CVE-2017-12081",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12081",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-12082",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12082",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-12086",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12086",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-12099",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12099",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-12100",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12100",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-12101",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12101",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-12102",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12102",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-12103",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12103",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-12104",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12104",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-12105",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-12105",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-2899",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2899",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-2900",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2900",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-2901",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2901",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-2902",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2902",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-2903",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2903",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-2904",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2904",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-2905",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2905",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-2906",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2906",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-2907",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2907",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-2908",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2908",
"Impact": "High",
"Public": "20180424"
},
{
"ID": "CVE-2017-2918",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-2918",
"Impact": "High",
"Public": "20180424"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:10",
"cpe:/o:alt:workstation:10",
"cpe:/o:alt:server:10",
"cpe:/o:alt:server-v:10",
"cpe:/o:alt:education:10",
"cpe:/o:alt:slinux:10",
"cpe:/o:alt:starterkit:10",
"cpe:/o:alt:starterkit:p10",
"cpe:/o:alt:container:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:2001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20181696001",
"Comment": "blender is earlier than 0:2.79b-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20181696002",
"Comment": "blender-i18n is earlier than 0:2.79b-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink