pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ec33a4b91b
vuln-list-alt/oval/c9f2/ALT-PU-2022-2269/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

658 lines
34 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20222269",
"Version": "oval:org.altlinux.errata:def:20222269",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2022-2269: package `exim` update to version 4.94.2-alt2",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2022-2269",
"RefURL": "https://errata.altlinux.org/ALT-PU-2022-2269",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-02750",
"RefURL": "https://bdu.fstec.ru/vul/2021-02750",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02751",
"RefURL": "https://bdu.fstec.ru/vul/2021-02751",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02752",
"RefURL": "https://bdu.fstec.ru/vul/2021-02752",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02753",
"RefURL": "https://bdu.fstec.ru/vul/2021-02753",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02754",
"RefURL": "https://bdu.fstec.ru/vul/2021-02754",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02755",
"RefURL": "https://bdu.fstec.ru/vul/2021-02755",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02756",
"RefURL": "https://bdu.fstec.ru/vul/2021-02756",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02757",
"RefURL": "https://bdu.fstec.ru/vul/2021-02757",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02758",
"RefURL": "https://bdu.fstec.ru/vul/2021-02758",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02759",
"RefURL": "https://bdu.fstec.ru/vul/2021-02759",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02760",
"RefURL": "https://bdu.fstec.ru/vul/2021-02760",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02761",
"RefURL": "https://bdu.fstec.ru/vul/2021-02761",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02762",
"RefURL": "https://bdu.fstec.ru/vul/2021-02762",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02763",
"RefURL": "https://bdu.fstec.ru/vul/2021-02763",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02765",
"RefURL": "https://bdu.fstec.ru/vul/2021-02765",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02766",
"RefURL": "https://bdu.fstec.ru/vul/2021-02766",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02767",
"RefURL": "https://bdu.fstec.ru/vul/2021-02767",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02768",
"RefURL": "https://bdu.fstec.ru/vul/2021-02768",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02769",
"RefURL": "https://bdu.fstec.ru/vul/2021-02769",
"Source": "BDU"
},
{
"RefID": "BDU:2021-02770",
"RefURL": "https://bdu.fstec.ru/vul/2021-02770",
"Source": "BDU"
},
{
"RefID": "CVE-2020-28007",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28007",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28008",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28008",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28009",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28009",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28010",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28010",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28011",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28011",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28012",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28012",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28013",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28013",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28014",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28014",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28015",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28015",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28016",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28016",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28017",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28017",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28018",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28018",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28019",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28019",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28021",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28021",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28022",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28022",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28023",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28023",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28024",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28024",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28025",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28025",
"Source": "CVE"
},
{
"RefID": "CVE-2020-28026",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-28026",
"Source": "CVE"
},
{
"RefID": "CVE-2021-27216",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-27216",
"Source": "CVE"
}
],
"Description": "This update upgrades exim to version 4.94.2-alt2. \nSecurity Fix(es):\n\n * BDU:2021-02750: Уязвимость агента пересылки сообщений Exim, связанная с ошибками управления привилегиями, позволяющая нарушителю удалять произвольные файлы в системе\n\n * BDU:2021-02751: Уязвимость агента пересылки сообщений Exim, связанная с ошибками управления ресурсами, позволяющая нарушителю выполнить отказа в обслуживании (DoS)\n\n * BDU:2021-02752: Уязвимость агента пересылки сообщений Exim, связанная с ошибками управления привилегиями, позволяющая нарушителю повысить привилегии в системе\n\n * BDU:2021-02753: Уязвимость функции queue_run() агента пересылки сообщений Exim, связанная с переполнением буфера в «куче», позволяющая нарушителю повысить привилегии в системе и выполнить произвольный код\n\n * BDU:2021-02754: Уязвимость функции main() агента пересылки сообщений Exim, связанная с записью за границами буфера в памяти, позволяющая нарушителю повысить привилегии в системе и выполнить произвольный код\n\n * BDU:2021-02755: Уязвимость функции parse_fix_phrase() агента пересылки сообщений Exim, связанная с переполнением буфера в «куче», позволяющая нарушителю повысить привилегии в системе и выполнить произвольный код\n\n * BDU:2021-02756: Уязвимость функции parse_fix_phrase() агента пересылки сообщений Exim, связанная с записью за границами буфера в памяти, позволяющая нарушителю повысить привилегии в системе и выполнить произвольный код\n\n * BDU:2021-02757: Уязвимость агента пересылки сообщений Exim, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю обойти ограничения безопасности\n\n * BDU:2021-02758: Уязвимость агента пересылки сообщений Exim, связанная с недостатками механизмов безопасности, позволяющая нарушителю повысить привилегии\n\n * BDU:2021-02759: Уязвимость функции get_stdinput() агента пересылки сообщений Exim, связанная с целочисленным переполнением, позволяющая нарушителю повысить привилегии или выполнять произвольный код\n\n * BDU:2021-02760: Уязвимость агента пересылки сообщений Exim, связанная с ошибками управления привилегиями, позволяющая нарушителю повысить привилегии в системе\n\n * BDU:2021-02761: Уязвимость функции smtp_setup_msg() агента пересылки сообщений Exim, связанная с чтением за границами буфера в памяти, позволяющая нарушителю получить доступ к конфиденциальной информации\n\n * BDU:2021-02762: Уязвимость агента пересылки сообщений Exim, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю обойти введенные ограничения безопасности\n\n * BDU:2021-02763: Уязвимость функции spool_read_header() агента пересылки сообщений Exim, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю обойти ограничения безопасности\n\n * BDU:2021-02765: Уязвимость функции extract_option() агента пересылки сообщений Exim, связанная с записью за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-02766: Уязвимость компонента tls-openssl.c агента пересылки сообщений Exim, связанная с использованием памяти после ее освобождения, позволяющая нарушителю повысить привилегии в системе и выполнить произвольный код\n\n * BDU:2021-02767: Уязвимость функции smtp_ungetc() агента пересылки сообщений Exim, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2021-02768: Уязвимость агента пересылки сообщений Exim, связанная с отслеживаниеи символьных ссылок, позволяющая нарушителю повысить привилегии в системе\n\n * BDU:2021-02769: Уязвимость функции pdkim_finish_bodyhash() агента пересылки сообщений Exim, связанная с чтением за границами буфера в памяти, позволяющая нарушителю получить доступ конфиденциальной информации\n\n * BDU:2021-02770: Уязвимость функции receive_add_recipient() агента пересылки сообщений Exim, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * CVE-2020-28007: Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem.\n\n * CVE-2020-28008: Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution.\n\n * CVE-2020-28009: Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execution time needed to overflow (multiple days).\n\n * CVE-2020-28010: Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).\n\n * CVE-2020-28011: Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.\n\n * CVE-2020-28012: Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag.\n\n * CVE-2020-28013: Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles \"-F '.('\" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.\n\n * CVE-2020-28014: Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten.\n\n * CVE-2020-28015: Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character.\n\n * CVE-2020-28016: Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because \"-F ''\" is mishandled by parse_fix_phrase.\n\n * CVE-2020-28017: Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.\n\n * CVE-2020-28018: Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.\n\n * CVE-2020-28019: Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client uses BDAT instead of DATA.\n\n * CVE-2020-28021: Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command.\n\n * CVE-2020-28022: Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.\n\n * CVE-2020-28023: Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client.\n\n * CVE-2020-28024: Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.\n\n * CVE-2020-28025: Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig-\u003ebodyhash.len and b-\u003ebh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory.\n\n * CVE-2020-28026: Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root.\n\n * CVE-2021-27216: Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race condition, a local user can delete arbitrary files as root. This involves the -oP and -oPX options.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2022-07-18"
},
"Updated": {
"Date": "2022-07-18"
},
"BDUs": [
{
"ID": "BDU:2021-02750",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2021-02750",
"Impact": "Low",
"Public": "20210504"
},
{
"ID": "BDU:2021-02751",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-399, CWE-665",
"Href": "https://bdu.fstec.ru/vul/2021-02751",
"Impact": "High",
"Public": "20201020"
},
{
"ID": "BDU:2021-02752",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"CWE": "CWE-264",
"Href": "https://bdu.fstec.ru/vul/2021-02752",
"Impact": "Low",
"Public": "20201020"
},
{
"ID": "BDU:2021-02753",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-02753",
"Impact": "High",
"Public": "20201020"
},
{
"ID": "BDU:2021-02754",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-02754",
"Impact": "High",
"Public": "20210504"
},
{
"ID": "BDU:2021-02755",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-122, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-02755",
"Impact": "High",
"Public": "20201020"
},
{
"ID": "BDU:2021-02756",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-02756",
"Impact": "High",
"Public": "20210504"
},
{
"ID": "BDU:2021-02757",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2021-02757",
"Impact": "High",
"Public": "20201020"
},
{
"ID": "BDU:2021-02758",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-254, CWE-668",
"Href": "https://bdu.fstec.ru/vul/2021-02758",
"Impact": "High",
"Public": "20201020"
},
{
"ID": "BDU:2021-02759",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-02759",
"Impact": "High",
"Public": "20201020"
},
{
"ID": "BDU:2021-02760",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-264, CWE-269",
"Href": "https://bdu.fstec.ru/vul/2021-02760",
"Impact": "High",
"Public": "20201020"
},
{
"ID": "BDU:2021-02761",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-02761",
"Impact": "High",
"Public": "20201020"
},
{
"ID": "BDU:2021-02762",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CWE": "CWE-20",
"Href": "https://bdu.fstec.ru/vul/2021-02762",
"Impact": "Critical",
"Public": "20201020"
},
{
"ID": "BDU:2021-02763",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CWE": "CWE-20, CWE-88",
"Href": "https://bdu.fstec.ru/vul/2021-02763",
"Impact": "Critical",
"Public": "20201020"
},
{
"ID": "BDU:2021-02765",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-787",
"Href": "https://bdu.fstec.ru/vul/2021-02765",
"Impact": "Critical",
"Public": "20201020"
},
{
"ID": "BDU:2021-02766",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2021-02766",
"Impact": "Critical",
"Public": "20210504"
},
{
"ID": "BDU:2021-02767",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-119, CWE-191",
"Href": "https://bdu.fstec.ru/vul/2021-02767",
"Impact": "Critical",
"Public": "20201020"
},
{
"ID": "BDU:2021-02768",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-59, CWE-61",
"Href": "https://bdu.fstec.ru/vul/2021-02768",
"Impact": "High",
"Public": "20201020"
},
{
"ID": "BDU:2021-02769",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://bdu.fstec.ru/vul/2021-02769",
"Impact": "High",
"Public": "20201020"
},
{
"ID": "BDU:2021-02770",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2021-02770",
"Impact": "Critical",
"Public": "20201020"
}
],
"CVEs": [
{
"ID": "CVE-2020-28007",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-59",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28007",
"Impact": "High",
"Public": "20210506"
},
{
"ID": "CVE-2020-28008",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-269",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28008",
"Impact": "High",
"Public": "20210506"
},
{
"ID": "CVE-2020-28009",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28009",
"Impact": "High",
"Public": "20210506"
},
{
"ID": "CVE-2020-28010",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28010",
"Impact": "High",
"Public": "20210506"
},
{
"ID": "CVE-2020-28011",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28011",
"Impact": "High",
"Public": "20210506"
},
{
"ID": "CVE-2020-28012",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28012",
"Impact": "High",
"Public": "20210506"
},
{
"ID": "CVE-2020-28013",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28013",
"Impact": "High",
"Public": "20210506"
},
{
"ID": "CVE-2020-28014",
"CVSS": "AV:L/AC:L/Au:N/C:N/I:P/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"CWE": "CWE-269",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28014",
"Impact": "Low",
"Public": "20210506"
},
{
"ID": "CVE-2020-28015",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28015",
"Impact": "High",
"Public": "20210506"
},
{
"ID": "CVE-2020-28016",
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28016",
"Impact": "High",
"Public": "20210506"
},
{
"ID": "CVE-2020-28017",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28017",
"Impact": "Critical",
"Public": "20210506"
},
{
"ID": "CVE-2020-28018",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28018",
"Impact": "Critical",
"Public": "20210506"
},
{
"ID": "CVE-2020-28019",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-665",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28019",
"Impact": "High",
"Public": "20210506"
},
{
"ID": "CVE-2020-28021",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28021",
"Impact": "High",
"Public": "20210506"
},
{
"ID": "CVE-2020-28022",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28022",
"Impact": "Critical",
"Public": "20210506"
},
{
"ID": "CVE-2020-28023",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28023",
"Impact": "High",
"Public": "20210506"
},
{
"ID": "CVE-2020-28024",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28024",
"Impact": "Critical",
"Public": "20210506"
},
{
"ID": "CVE-2020-28025",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CWE": "CWE-125",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28025",
"Impact": "High",
"Public": "20210506"
},
{
"ID": "CVE-2020-28026",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-Other",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-28026",
"Impact": "Critical",
"Public": "20210506"
},
{
"ID": "CVE-2021-27216",
"CVSS": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"CWE": "CWE-362",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-27216",
"Impact": "Low",
"Public": "20210506"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20222269001",
"Comment": "exim is earlier than 0:4.94.2-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222269002",
"Comment": "exim-config is earlier than 0:4.94.2-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222269003",
"Comment": "exim-doc is earlier than 0:4.94.2-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222269004",
"Comment": "exim-ldap is earlier than 0:4.94.2-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222269005",
"Comment": "exim-mysql is earlier than 0:4.94.2-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222269006",
"Comment": "exim-pgsql is earlier than 0:4.94.2-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222269007",
"Comment": "exim-sqlite is earlier than 0:4.94.2-alt2"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20222269008",
"Comment": "exim-tools is earlier than 0:4.94.2-alt2"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink