diff --git a/Cargo.toml b/Cargo.toml index a761b6a..a5d7d3c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "cvrf2cusa" -version = "0.1.1" +version = "0.1.2" edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html diff --git a/README.md b/README.md index a86ec54..9bff53b 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,6 @@ -这个应用于 CULinux VAT 系统中,将 openEuler 的 cvrf 格式的安全公告转换为 cusa。 +# 这个应用于 CULinux VAT 系统中,将 openEuler 的 cvrf 格式的安全公告转换为 cusa。 + +## 使用方法 ``` $ cvrf2cusa -h @@ -15,3 +17,7 @@ Options: -h, --help Print help -V, --version Print version ``` + +## 变更日志 + +- *v0.1.2*:更新目录结构,以组件的小写首字母作二级目录。 diff --git a/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.20-1_openEuler-SA-2022-2056.json b/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.20-1_openEuler-SA-2022-2056.json index bbad8f8..c55c35c 100644 --- a/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.20-1_openEuler-SA-2022-2056.json +++ b/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.20-1_openEuler-SA-2022-2056.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2056", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2056", "title": "An update for three-eight-nine-ds-base is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.(CVE-2020-35518)", "cves": [ { "id": "CVE-2020-35518", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35518", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file 
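Review bot: The severity strings change from `"Moderate"` to `"Medium"` and from `"Important"` to `"High"` here, both at the advisory level and inside `cves[]`, but the v0.1.2 changelog entry added to README.md in this commit mentions only the directory layout. The same rename repeats in the other advisory files visible in this diff. Any consumer that filters or sorts advisories on the old strings would stop matching without an error, so the rename deserves its own changelog line, for example `- *v0.1.2*: severity values renamed: "Moderate" → "Medium", "Important" → "High"`. No advisory rated Critical or Low is visible in this diff, so it is worth confirming how those values are mapped.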
diff --git a/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.36-5_openEuler-SA-2024-1148.json b/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.36-5_openEuler-SA-2024-1148.json index ce413fe..c971411 100644 --- a/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.36-5_openEuler-SA-2024-1148.json +++ b/cusa/3/three-eight-nine-ds-base/389-ds-base-1.4.3.36-5_openEuler-SA-2024-1148.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1148", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1148", "title": "An update for three-eight-nine-ds-base is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Moderate", + "severity": "Medium", "description": "389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.(CVE-2024-1062)", "cves": [ { "id": "CVE-2024-1062", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1062", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-1_openEuler-SA-2022-1670.json b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-1_openEuler-SA-2022-1670.json index 97bd483..d63d23e 100644 --- a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-1_openEuler-SA-2022-1670.json +++ b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-1_openEuler-SA-2022-1670.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1670", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1670", "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\n\nSecurity Fix(es):\n\nA heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.(CVE-2022-1114)", "cves": [ { "id": "CVE-2022-1114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1114", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1896.json b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1896.json index 7660b71..55ce40b 100644 --- a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1896.json +++ b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1896.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1896", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1896", "title": "An update for ImageMagick is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "\r\n\r\nSecurity Fix(es):\r\n\r\nIn ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. This could potentially cause a denial of service. This was fixed in upstream ImageMagick version 7.1.0-30.(CVE-2022-2719)", "cves": [ { "id": "CVE-2022-2719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2719", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1903.json b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1903.json index 111a506..41e5944 100644 --- a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1903.json +++ b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-3_openEuler-SA-2022-1903.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1903", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1903", "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort,shear and transform images, adjust image colors, apply various special effects,or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.(CVE-2022-1115)", "cves": [ { "id": "CVE-2022-1115", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1115", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-1998.json b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-1998.json index 9328c6c..496ccea 100644 --- a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-1998.json +++ b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-1998.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1998", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1998", "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort,shear and transform images, adjust image colors, apply various special effects,or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.(CVE-2022-3213)", "cves": [ { "id": "CVE-2022-3213", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3213", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-2091.json b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-2091.json index 58aea4c..14fbe83 100644 --- a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-2091.json +++ b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-4_openEuler-SA-2022-2091.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2091", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2091", "title": "An update for ImageMagick is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. . The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: .(CVE-2021-39212)\r\n\r\nA NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault.(CVE-2021-3596)", "cves": [ { "id": "CVE-2021-3596", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3596", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-5_openEuler-SA-2022-2109.json b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-5_openEuler-SA-2022-2109.json index 9d2aed1..79853f1 100644 
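Review bot: The `cves` array in openEuler-SA-2022-2091 lists only CVE-2021-3596 while the `description` also names CVE-2021-39212, so a consumer that reads `cves[]` to decide which CVEs an update closes would miss one. The same pattern is visible in openEuler-SA-2023-1065, openEuler-SA-2023-1259, openEuler-SA-2023-1349 and openEuler-SA-2023-1407. In openEuler-SA-2023-1349 the advisory is rated `"High"` while its only listed CVE is rated `"Medium"`, which suggests the higher-rated entry is the one that was dropped. These are context lines, so this commit does not introduce the gap. Presumably the converter keeps only the last vulnerability entry of the CVRF document; it should emit one `cves[]` element per entry, each with its own `id`, `url` and `severity`.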
--- a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-5_openEuler-SA-2022-2109.json +++ b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-5_openEuler-SA-2022-2109.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2109", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2109", "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR,WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort,shear and transform images, adjust image colors, apply various special effects,or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nIn ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior.(CVE-2022-32547)", "cves": [ { "id": "CVE-2022-32547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32547", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-6_openEuler-SA-2023-1065.json b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-6_openEuler-SA-2023-1065.json index af3392b..8a6ba70 100644 --- a/cusa/I/ImageMagick/ImageMagick-7.1.0.28-6_openEuler-SA-2023-1065.json +++ b/cusa/I/ImageMagick/ImageMagick-7.1.0.28-6_openEuler-SA-2023-1065.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1065", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1065", "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR,WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort,shear and transform images, adjust image colors, apply various special effects,or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.(CVE-2022-44267)\r\n\r\nImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).(CVE-2022-44268)", "cves": [ { "id": "CVE-2022-44268", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44268", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1259.json b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1259.json index 2feff6f..09bc2bd 100644 --- a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1259.json +++ b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1259.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1259", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1259", "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Moderate", + "severity": "Medium", "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in \"/tmp,\" resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.(CVE-2023-1289)\r\n\r\nA heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.(CVE-2023-1906)", "cves": [ { "id": "CVE-2023-1906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1906", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file 
diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1332.json b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1332.json index 6de3c4f..bbfc7aa 100644 --- a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1332.json +++ b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-1_openEuler-SA-2023-1332.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1332", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1332", "title": "An update for ImageMagick is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.(CVE-2023-2157)", "cves": [ { "id": "CVE-2023-2157", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2157", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-2_openEuler-SA-2023-1349.json b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-2_openEuler-SA-2023-1349.json index 2e8298b..8f1f5af 100644 --- a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-2_openEuler-SA-2023-1349.json +++ b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-2_openEuler-SA-2023-1349.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1349", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1349", "title": "An update for ImageMagick is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\n\nSecurity Fix(es):\n\nA vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).(CVE-2023-34151)\n\nA vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.(CVE-2023-34153)", "cves": [ { "id": "CVE-2023-34153", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34153", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-3_openEuler-SA-2023-1407.json b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-3_openEuler-SA-2023-1407.json index 186fead..1f85a63 100644 --- a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-3_openEuler-SA-2023-1407.json +++ b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-3_openEuler-SA-2023-1407.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1407", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1407", "title": "An update for ImageMagick is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\n\nSecurity Fix(es):\n\nA heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.(CVE-2023-34474)\n\nA heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service.(CVE-2023-34475)", "cves": [ { "id": "CVE-2023-34475", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34475", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-4_openEuler-SA-2023-1442.json b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-4_openEuler-SA-2023-1442.json index 86200b5..83bfd39 100644 --- a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-4_openEuler-SA-2023-1442.json +++ b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-4_openEuler-SA-2023-1442.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1442", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1442", "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects,or draw text, lines, polygons, ellipses and Bézier curves.\n\nSecurity Fix(es):\n\nA vulnerability was found in ImageMagick <=7.1.1, where heap-based buffer overflow was found in coders/tiff.c.\n\nReferences:\nhttps://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790(CVE-2023-3428)", "cves": [ { "id": "CVE-2023-3428", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3428", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-5_openEuler-SA-2023-1733.json b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-5_openEuler-SA-2023-1733.json index 2642191..633823e 100644 --- a/cusa/I/ImageMagick/ImageMagick-7.1.1.8-5_openEuler-SA-2023-1733.json +++ b/cusa/I/ImageMagick/ImageMagick-7.1.1.8-5_openEuler-SA-2023-1733.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1733", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1733", "title": "An update for ImageMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in ImageMagick <=7.1.1, where heap use-after-free was found in coders/bmp.c.\r\n\r\nReferences:\nhttps://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1(CVE-2023-5341)", "cves": [ { "id": "CVE-2023-5341", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5341", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/I/iSulad/iSulad-2.0.18-16_openEuler-SA-2024-1287.json b/cusa/I/iSulad/iSulad-2.0.18-16_openEuler-SA-2024-1287.json index d5947a6..0dd5555 100644 --- a/cusa/I/iSulad/iSulad-2.0.18-16_openEuler-SA-2024-1287.json +++ b/cusa/I/iSulad/iSulad-2.0.18-16_openEuler-SA-2024-1287.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1287", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287", "title": "An update for iSulad is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "This is a umbrella project for gRPC-services based Lightweight Container Runtime Daemon, written by C.\r\n\r\nSecurity Fix(es):\r\n\r\n在isulad服务初始化阶段,会进行临时文件的正确性检查,如果检查不通过则重新创建文件,在检查与创建之间,存在一个条件竞争问题,攻击者可以通过利用该漏洞进行提权。(CVE-2021-33632)", "cves": [ { "id": "CVE-2021-33632", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33632", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/I/indent/indent-2.2.11-29_openEuler-SA-2023-1552.json b/cusa/I/indent/indent-2.2.11-29_openEuler-SA-2023-1552.json index 5e79b3c..c34e272 100644 --- a/cusa/I/indent/indent-2.2.11-29_openEuler-SA-2023-1552.json +++ b/cusa/I/indent/indent-2.2.11-29_openEuler-SA-2023-1552.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1552", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1552", "title": "An update for indent is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "The indent program can be used to make code easier to read. It can also convert from one style of writing C to another. indent understands a substantial amount about the syntax of C, but it also attempts to cope with incomplete and misformed syntax.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.(CVE-2023-40305)", "cves": [ { "id": "CVE-2023-40305", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40305", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file 
diff --git a/cusa/I/indent/indent-2.2.11-30_openEuler-SA-2024-1199.json b/cusa/I/indent/indent-2.2.11-30_openEuler-SA-2024-1199.json index 055264b..ade5ab9 100644 --- a/cusa/I/indent/indent-2.2.11-30_openEuler-SA-2024-1199.json +++ b/cusa/I/indent/indent-2.2.11-30_openEuler-SA-2024-1199.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1199", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1199", "title": "An update for indent is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Moderate", + "severity": "Medium", "description": "The indent program can be used to make code easier to read. It can also convert from one style of writing C to another. indent understands a substantial amount about the syntax of C, but it also attempts to cope with incomplete and misformed syntax.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.(CVE-2024-0911)", "cves": [ { "id": "CVE-2024-0911", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0911", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/I/infinispan/infinispan-8.2.4-13_openEuler-SA-2024-1667.json b/cusa/I/infinispan/infinispan-8.2.4-13_openEuler-SA-2024-1667.json index 53bbff1..e72c074 100644 --- a/cusa/I/infinispan/infinispan-8.2.4-13_openEuler-SA-2024-1667.json +++ b/cusa/I/infinispan/infinispan-8.2.4-13_openEuler-SA-2024-1667.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1667", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1667", "title": "An update for infinispan is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "Infinispan is an extremely scalable, highly available data grid platform - 100% open source, and written in Java. The purpose of Infinispan is to expose a data structure that is highly concurrent, designed ground-up to make the most of modern multi-processor/multi-core architectures while at the same time providing distributed cache capabilities. At its core Infinispan exposes a Cache interface which extends java.util.Map. It is also optionally is backed by a peer-to-peer network architecture to distribute state efficiently around a data grid.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.(CVE-2019-10174)", "cves": [ { "id": "CVE-2019-10174", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10174", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/I/iniparser/iniparser-4.1-4_openEuler-SA-2023-1388.json b/cusa/I/iniparser/iniparser-4.1-4_openEuler-SA-2023-1388.json index ab54939..f77810d 100644 --- a/cusa/I/iniparser/iniparser-4.1-4_openEuler-SA-2023-1388.json +++ b/cusa/I/iniparser/iniparser-4.1-4_openEuler-SA-2023-1388.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1388", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1388", "title": "An update for iniparser is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Moderate", + "severity": "Medium", "description": "This modules offers parsing of ini files from the C level. See a complete documentation in HTML format, from this directory open the file html/index.html with any HTML-capable browser.\r\n\r\nSecurity Fix(es):\r\n\r\niniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return.(CVE-2023-33461)", "cves": [ { "id": "CVE-2023-33461", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33461", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/I/intel-sgx-ssl/intel-sgx-ssl-2.15.1-2_openEuler-SA-2022-1898.json b/cusa/I/intel-sgx-ssl/intel-sgx-ssl-2.15.1-2_openEuler-SA-2022-1898.json index e7af22e..e4e1c17 100644 --- a/cusa/I/intel-sgx-ssl/intel-sgx-ssl-2.15.1-2_openEuler-SA-2022-1898.json +++ b/cusa/I/intel-sgx-ssl/intel-sgx-ssl-2.15.1-2_openEuler-SA-2022-1898.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1898", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1898", "title": "An update for intel-sgx-ssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "The Intel® Software Guard Extensions SSL (Intel® SGX SSL) cryptographic library is intended to provide cryptographic services for Intel® Software Guard Extensions (SGX) enclave applications. The Intel® SGX SSL cryptographic library is based on the underlying OpenSSL* Open Source project, providing a full-strength general purpose cryptography library. Supported OpenSSL version is 1.1.1l.\r\n\r\nSecurity Fix(es):\r\n\r\nThe c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).(CVE-2022-1292)\r\n\r\nIn addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. 
On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).(CVE-2022-2068)\r\n\r\nAES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).(CVE-2022-2097)\r\n\r\nThe BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. 
Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).(CVE-2022-0778)", "cves": [ { "id": "CVE-2022-0778", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0778", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/I/iperf3/iperf3-3.10.1-2_openEuler-SA-2023-1497.json b/cusa/I/iperf3/iperf3-3.10.1-2_openEuler-SA-2023-1497.json index e1d098e..f065ec1 100644 --- a/cusa/I/iperf3/iperf3-3.10.1-2_openEuler-SA-2023-1497.json +++ b/cusa/I/iperf3/iperf3-3.10.1-2_openEuler-SA-2023-1497.json 
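Review bot: The `cves` array in this advisory holds a single entry, CVE-2022-0778, although the description also covers CVE-2022-1292, CVE-2022-2068 and CVE-2022-2097, so a consumer that matches on `cves[].id` will miss three of the four fixes. The advisory-level value becomes `"severity": "High"` while the only listed entry becomes `"severity": "Medium"`, which suggests the top-level rating comes from a CVE that is not listed. The same single-entry pattern shows in the opensc (SA-2022-1664), open-vm-tools (SA-2023-1831) and openssl (SA-2023-1092, SA-2023-1207) hunks. If these files are produced by the converter, the fix presumably belongs there rather than in the JSON: emit one entry per CVE of the source advisory, for example `{ "id": "CVE-2022-1292", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1292", "severity": "<rating from the CVRF source>" }`. It would also help to check that the top-level severity equals the highest per-CVE rating.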
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1497", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1497", "title": "An update for iperf3 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "Iperf is a tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, protocols, and buffers.\r\n\r\nSecurity Fix(es):\r\n\r\niperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.(CVE-2023-38403)", "cves": [ { "id": "CVE-2023-38403", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38403", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/I/iperf3/iperf3-3.16-1_openEuler-SA-2024-1418.json b/cusa/I/iperf3/iperf3-3.16-1_openEuler-SA-2024-1418.json index d45939c..a5ba335 100644 --- a/cusa/I/iperf3/iperf3-3.16-1_openEuler-SA-2024-1418.json +++ b/cusa/I/iperf3/iperf3-3.16-1_openEuler-SA-2024-1418.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1418", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1418", "title": "An update for iperf3 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Moderate", + "severity": "Medium", "description": "Iperf is a tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, protocols, and buffers.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.(CVE-2023-7250)", "cves": [ { "id": "CVE-2023-7250", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7250", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/O/OpenEXR/OpenEXR-3.1.5-1_openEuler-SA-2022-1639.json b/cusa/O/OpenEXR/OpenEXR-3.1.5-1_openEuler-SA-2022-1639.json index 7f13b04..2b53aff 100644 --- a/cusa/O/OpenEXR/OpenEXR-3.1.5-1_openEuler-SA-2022-1639.json +++ b/cusa/O/OpenEXR/OpenEXR-3.1.5-1_openEuler-SA-2022-1639.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1639", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1639", "title": "An update for OpenEXR is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light and Magic for use in computer imaging applications.\r\n\r\nSecurity Fix(es):\nOpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1::LineCompositeTask::execute (called from IlmThread_3_1::NullThreadPoolProvider::addTask and IlmThread_3_1::ThreadPool::addGlobalTask). NOTE: db217f2 may be inapplicable.(CVE-2021-45942)", "cves": [ { "id": "CVE-2021-45942", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45942", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/O/OpenEXR/OpenEXR-3.1.5-3_openEuler-SA-2024-1549.json b/cusa/O/OpenEXR/OpenEXR-3.1.5-3_openEuler-SA-2024-1549.json index 3e45b4c..bca445e 100644 --- a/cusa/O/OpenEXR/OpenEXR-3.1.5-3_openEuler-SA-2024-1549.json +++ b/cusa/O/OpenEXR/OpenEXR-3.1.5-3_openEuler-SA-2024-1549.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1549", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1549", "title": "An update for OpenEXR is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "OpenEXR is a high dynamic-range (HDR) image file format originally developed by Industrial Light & Magic for use in computer imaging applications.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.(CVE-2024-31047)", "cves": [ { "id": "CVE-2024-31047", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31047", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/O/open-vm-tools/open-vm-tools-12.0.5-3_openEuler-SA-2023-1629.json b/cusa/O/open-vm-tools/open-vm-tools-12.0.5-3_openEuler-SA-2023-1629.json index 44a5180..ef2b291 100644 --- a/cusa/O/open-vm-tools/open-vm-tools-12.0.5-3_openEuler-SA-2023-1629.json +++ b/cusa/O/open-vm-tools/open-vm-tools-12.0.5-3_openEuler-SA-2023-1629.json 
@@ -2,7 +2,7 @@ "id": "openEuler-SA-2023-1629", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1629", "title": "An update for open-vm-tools is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of .\r\n\r\nSecurity Fix(es):\r\n\r\nA fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.(CVE-2023-20867)\r\n\r\nA malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .(CVE-2023-20900)", "cves": [ { diff --git a/cusa/O/open-vm-tools/open-vm-tools-12.0.5-4_openEuler-SA-2023-1831.json b/cusa/O/open-vm-tools/open-vm-tools-12.0.5-4_openEuler-SA-2023-1831.json index 931be5f..b9e7641 100644 --- a/cusa/O/open-vm-tools/open-vm-tools-12.0.5-4_openEuler-SA-2023-1831.json +++ b/cusa/O/open-vm-tools/open-vm-tools-12.0.5-4_openEuler-SA-2023-1831.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1831", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1831", "title": "An update for open-vm-tools is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of .\r\n\r\nSecurity Fix(es):\r\n\r\nVMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .(CVE-2023-34058)\r\n\r\nopen-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the \n/dev/uinput file descriptor allowing them to simulate user inputs.(CVE-2023-34059)", "cves": [ { "id": "CVE-2023-34059", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34059", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/O/openjpeg2/openjpeg2-2.4.0-6_openEuler-SA-2022-1678.json b/cusa/O/openjpeg2/openjpeg2-2.4.0-6_openEuler-SA-2022-1678.json index 677dd8c..576eb94 100644 --- a/cusa/O/openjpeg2/openjpeg2-2.4.0-6_openEuler-SA-2022-1678.json +++ b/cusa/O/openjpeg2/openjpeg2-2.4.0-6_openEuler-SA-2022-1678.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1678", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1678", "title": "An update for openjpeg2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group (JPEG). Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000 Reference Software.\r\n\nSecurity Fix(es):\r\n\r\nA flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service.(CVE-2022-1122)", "cves": [ { "id": "CVE-2022-1122", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1122", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/O/openldap/openldap-2.6.0-5_openEuler-SA-2023-1334.json b/cusa/O/openldap/openldap-2.6.0-5_openEuler-SA-2023-1334.json index 3408eef..fd1eadc 100644 --- a/cusa/O/openldap/openldap-2.6.0-5_openEuler-SA-2023-1334.json +++ b/cusa/O/openldap/openldap-2.6.0-5_openEuler-SA-2023-1334.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1334", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1334", "title": "An update for openldap is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.(CVE-2023-2953)", "cves": [ { "id": "CVE-2023-2953", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/O/opensc/opensc-0.21.0-6_openEuler-SA-2022-1664.json b/cusa/O/opensc/opensc-0.21.0-6_openEuler-SA-2022-1664.json index 7c023e9..4528aa3 100644 --- a/cusa/O/opensc/opensc-0.21.0-6_openEuler-SA-2022-1664.json +++ b/cusa/O/opensc/opensc-0.21.0-6_openEuler-SA-2022-1664.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1664", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1664", "title": "An update for opensc is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the standard APIs to smart cards, e.g. PKCS#11 API, Windows’ Smart Card Minidriver and macOS Tokend.\r\n\r\nSecurity Fix(es):\r\n\r\nA heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.(CVE-2021-42778)\n\nA use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.(CVE-2021-42780)\n\nStack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.(CVE-2021-42782)", "cves": [ { "id": "CVE-2021-42782", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42782", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/O/openssh/openssh-8.8p1-17_openEuler-SA-2023-1063.json b/cusa/O/openssh/openssh-8.8p1-17_openEuler-SA-2023-1063.json index d9b5b41..5544c2d 100644 --- a/cusa/O/openssh/openssh-8.8p1-17_openEuler-SA-2023-1063.json +++ b/cusa/O/openssh/openssh-8.8p1-17_openEuler-SA-2023-1063.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1063", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1063", "title": "An update for openssh is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \\ It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \\ other attacks. In addition, OpenSSH provides a large suite of secure tunneling \\ capabilities, several authentication methods, and sophisticated configuration options.\r\n\r\nSecurity Fix(es):\r\n\r\nOpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration. One third-party report states \"remote code execution is theoretically possible.\"(CVE-2023-25136)", "cves": [ { "id": "CVE-2023-25136", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25136", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/O/openssh/openssh-8.8p1-22_openEuler-SA-2023-1480.json b/cusa/O/openssh/openssh-8.8p1-22_openEuler-SA-2023-1480.json index 9f918d8..c68d544 100644 --- a/cusa/O/openssh/openssh-8.8p1-22_openEuler-SA-2023-1480.json +++ b/cusa/O/openssh/openssh-8.8p1-22_openEuler-SA-2023-1480.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1480", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1480", "title": "An update for openssh is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "OpenSSH is the premier connectivity tool for remote login with the SSH protocol.\r\n\r\nSecurity Fix(es):\r\n\r\nThe PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.(CVE-2023-38408)", "cves": [ { "id": "CVE-2023-38408", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38408", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/O/openssh/openssh-8.8p1-23_openEuler-SA-2023-1977.json b/cusa/O/openssh/openssh-8.8p1-23_openEuler-SA-2023-1977.json index f2deb2c..0442816 100644 --- a/cusa/O/openssh/openssh-8.8p1-23_openEuler-SA-2023-1977.json +++ b/cusa/O/openssh/openssh-8.8p1-23_openEuler-SA-2023-1977.json @@ -8,7 +8,7 @@ { "id": "CVE-2023-51385", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51385", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/O/openssl/openssl-1.1.1m-18_openEuler-SA-2023-1092.json b/cusa/O/openssl/openssl-1.1.1m-18_openEuler-SA-2023-1092.json index 2e698ec..4f4ae17 100644 --- a/cusa/O/openssl/openssl-1.1.1m-18_openEuler-SA-2023-1092.json +++ b/cusa/O/openssl/openssl-1.1.1m-18_openEuler-SA-2023-1092.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1092", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1092", "title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nThe public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. 
The OpenSSL cms and smime command line applications are similarly affected.(CVE-2023-0215)\r\n\r\nA timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.(CVE-2022-4304)\r\n\r\nThe function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. 
The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.(CVE-2022-4450)\n\nThere is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286)", "cves": [ { "id": "CVE-2023-0286", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file 
diff --git a/cusa/O/openssl/openssl-1.1.1m-19_openEuler-SA-2023-1207.json b/cusa/O/openssl/openssl-1.1.1m-19_openEuler-SA-2023-1207.json index 2d87bd2..c3d7f81 100644 --- a/cusa/O/openssl/openssl-1.1.1m-19_openEuler-SA-2023-1207.json +++ b/cusa/O/openssl/openssl-1.1.1m-19_openEuler-SA-2023-1207.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1207", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1207", "title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nA security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0464)\r\n\r\nApplications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0465)\r\n\r\nThe function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. 
However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.(CVE-2023-0466)", "cves": [ { "id": "CVE-2023-0466", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/O/openssl/openssl-1.1.1m-20_openEuler-SA-2023-1356.json b/cusa/O/openssl/openssl-1.1.1m-20_openEuler-SA-2023-1356.json index 3c706ff..1b916a7 100644 --- a/cusa/O/openssl/openssl-1.1.1m-20_openEuler-SA-2023-1356.json +++ b/cusa/O/openssl/openssl-1.1.1m-20_openEuler-SA-2023-1356.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1356", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1356", "title": "An update for openssl is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\n\nSecurity Fix(es):\n\nIssue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. 
This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.(CVE-2023-2650)", "cves": [ { "id": "CVE-2023-2650", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/O/openssl/openssl-1.1.1m-21_openEuler-SA-2023-1466.json b/cusa/O/openssl/openssl-1.1.1m-21_openEuler-SA-2023-1466.json index d5f1a0e..5c8559e 100644 --- a/cusa/O/openssl/openssl-1.1.1m-21_openEuler-SA-2023-1466.json +++ b/cusa/O/openssl/openssl-1.1.1m-21_openEuler-SA-2023-1466.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1466", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1466", "title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\n\r\n\r\nSecurity Fix(es):\r\n\r\nIssue summary: Checking excessively long DH keys or parameters may be very slow.\r\n\r\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\r\n\r\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\r\n\r\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. 
Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\r\n\r\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\r\n\r\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\r\n\r\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\r\n\r\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-3446)", "cves": [ { "id": "CVE-2023-3446", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3446", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/O/openssl/openssl-1.1.1m-22_openEuler-SA-2023-1481.json b/cusa/O/openssl/openssl-1.1.1m-22_openEuler-SA-2023-1481.json index 5574a27..5e81ced 100644 --- a/cusa/O/openssl/openssl-1.1.1m-22_openEuler-SA-2023-1481.json +++ b/cusa/O/openssl/openssl-1.1.1m-22_openEuler-SA-2023-1481.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1481", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1481", "title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nIssue summary: Checking excessively long DH keys or parameters may be very slow.\r\n\r\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\r\n\r\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. 
A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\r\n\r\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\r\n\r\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\r\n\r\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\r\n\r\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\r\n\r\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-3817)", "cves": [ { "id": "CVE-2023-3817", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3817", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/O/openssl/openssl-1.1.1m-24_openEuler-SA-2023-1821.json b/cusa/O/openssl/openssl-1.1.1m-24_openEuler-SA-2023-1821.json index eceac94..ffa0059 100644 --- a/cusa/O/openssl/openssl-1.1.1m-24_openEuler-SA-2023-1821.json +++ b/cusa/O/openssl/openssl-1.1.1m-24_openEuler-SA-2023-1821.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1821", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1821", "title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nIssue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\r\n\r\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\r\n\r\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\r\n\r\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\r\n\r\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\r\n\r\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. 
The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\r\n\r\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\r\n\r\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\r\n\r\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.\r\n\r\n(CVE-2023-5678)", "cves": [ { "id": "CVE-2023-5678", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/O/openssl/openssl-1.1.1m-26_openEuler-SA-2024-1147.json b/cusa/O/openssl/openssl-1.1.1m-26_openEuler-SA-2024-1147.json index 1d9c48b..ef9dc57 100644 --- a/cusa/O/openssl/openssl-1.1.1m-26_openEuler-SA-2024-1147.json +++ b/cusa/O/openssl/openssl-1.1.1m-26_openEuler-SA-2024-1147.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1147", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1147", "title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Moderate", + "severity": "Medium", "description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nIssue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\r\n\r\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\r\n\r\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\r\n\r\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\r\n\r\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\r\n\r\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.(CVE-2024-0727)", "cves": [ { "id": "CVE-2024-0727", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file 
diff --git a/cusa/O/openssl/openssl-1.1.1m-28_openEuler-SA-2024-1531.json b/cusa/O/openssl/openssl-1.1.1m-28_openEuler-SA-2024-1531.json index dd8e044..bf915af 100644 --- a/cusa/O/openssl/openssl-1.1.1m-28_openEuler-SA-2024-1531.json +++ b/cusa/O/openssl/openssl-1.1.1m-28_openEuler-SA-2024-1531.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1531", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1531", "title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Moderate", + "severity": "Medium", "description": "The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL tookit and its related documentation.\r\n\r\nSecurity Fix(es):\r\n\r\nIssue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\r\n\r\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\r\n\r\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\r\n\r\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\r\n\r\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. 
OpenSSL\n1.0.2 is also not affected by this issue.(CVE-2024-2511)", "cves": [ { "id": "CVE-2024-2511", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/O/openssl/openssl-1.1.1m-8_openEuler-SA-2022-1833.json b/cusa/O/openssl/openssl-1.1.1m-8_openEuler-SA-2022-1833.json index 675f8d6..72fe9c8 100644 --- a/cusa/O/openssl/openssl-1.1.1m-8_openEuler-SA-2022-1833.json +++ b/cusa/O/openssl/openssl-1.1.1m-8_openEuler-SA-2022-1833.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1833", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1833", "title": "An update for openssl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nAES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn t written. In the special case of in place encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).(CVE-2022-2097)", "cves": [ { "id": "CVE-2022-2097", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2097", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/O/openvswitch/openvswitch-2.12.0-22_openEuler-SA-2022-1778.json b/cusa/O/openvswitch/openvswitch-2.12.0-22_openEuler-SA-2022-1778.json index ef5dced..710acc6 100644 
--- a/cusa/O/openvswitch/openvswitch-2.12.0-22_openEuler-SA-2022-1778.json +++ b/cusa/O/openvswitch/openvswitch-2.12.0-22_openEuler-SA-2022-1778.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1778", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1778", "title": "An update for openvswitch is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.\r\n\r\nSecurity Fix(es):\r\n\r\nA memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.(CVE-2021-3905)", "cves": [ { "id": "CVE-2021-3905", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3905", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/O/openvswitch/openvswitch-2.12.4-2_openEuler-SA-2023-1025.json b/cusa/O/openvswitch/openvswitch-2.12.4-2_openEuler-SA-2023-1025.json index 5007f34..b47c042 100644 --- a/cusa/O/openvswitch/openvswitch-2.12.4-2_openEuler-SA-2023-1025.json +++ b/cusa/O/openvswitch/openvswitch-2.12.4-2_openEuler-SA-2023-1025.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1025", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1025", "title": "An update for openvswitch is now available for openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Moderate", + "severity": "Medium", "description": "Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.\r\n\r\nSecurity Fix(es):\r\n\r\nAn integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch.(CVE-2022-4338)", "cves": [ { "id": "CVE-2022-4338", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4338", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/O/openvswitch/openvswitch-2.12.4-4_openEuler-SA-2023-1234.json b/cusa/O/openvswitch/openvswitch-2.12.4-4_openEuler-SA-2023-1234.json index e16b617..743b138 100644 --- a/cusa/O/openvswitch/openvswitch-2.12.4-4_openEuler-SA-2023-1234.json +++ b/cusa/O/openvswitch/openvswitch-2.12.4-4_openEuler-SA-2023-1234.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1234", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1234", "title": "An update for openvswitch is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow.(CVE-2023-1668)", "cves": [ { "id": "CVE-2023-1668", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1668", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/O/openvswitch/openvswitch-2.12.4-5_openEuler-SA-2023-1732.json b/cusa/O/openvswitch/openvswitch-2.12.4-5_openEuler-SA-2023-1732.json index bd4bef5..d0a8164 100644 --- a/cusa/O/openvswitch/openvswitch-2.12.4-5_openEuler-SA-2023-1732.json +++ b/cusa/O/openvswitch/openvswitch-2.12.4-5_openEuler-SA-2023-1732.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1732", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1732", "title": "An update for openvswitch is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.(CVE-2023-5366)", "cves": [ { "id": "CVE-2023-5366", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5366", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/O/openvswitch/openvswitch-2.12.4-7_openEuler-SA-2024-1207.json b/cusa/O/openvswitch/openvswitch-2.12.4-7_openEuler-SA-2024-1207.json index 4c8fc38..ad2d8ba 100644 --- a/cusa/O/openvswitch/openvswitch-2.12.4-7_openEuler-SA-2024-1207.json +++ b/cusa/O/openvswitch/openvswitch-2.12.4-7_openEuler-SA-2024-1207.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1207", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1207", "title": "An update for openvswitch is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is enabled.(CVE-2023-3966)", "cves": [ { "id": "CVE-2023-3966", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3966", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/O/openvswitch/openvswitch-2.12.4-8_openEuler-SA-2024-1384.json b/cusa/O/openvswitch/openvswitch-2.12.4-8_openEuler-SA-2024-1384.json index 921bf9f..93ff088 100644 --- a/cusa/O/openvswitch/openvswitch-2.12.4-8_openEuler-SA-2024-1384.json +++ b/cusa/O/openvswitch/openvswitch-2.12.4-8_openEuler-SA-2024-1384.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1384", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1384", "title": "An update for openvswitch is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.\r\n\r\nSecurity Fix(es):\r\n\r\nAn integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.(CVE-2022-2639)", "cves": [ { "id": "CVE-2022-2639", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2639", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/O/optipng/optipng-0.7.8-1_openEuler-SA-2023-1873.json b/cusa/O/optipng/optipng-0.7.8-1_openEuler-SA-2023-1873.json index f403d2f..d24f524 100644 --- a/cusa/O/optipng/optipng-0.7.8-1_openEuler-SA-2023-1873.json +++ b/cusa/O/optipng/optipng-0.7.8-1_openEuler-SA-2023-1873.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1873", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1873", "title": "An update for optipng is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. This program also converts external formats (BMP, GIF, PNM and TIFF) to optimized PNG, and performs PNG integrity checks and corrections.\r\n\r\nSecurity Fix(es):\r\n\r\nOptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.(CVE-2023-43907)", "cves": [ { "id": "CVE-2023-43907", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43907", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/O/opusfile/opusfile-0.11-5_openEuler-SA-2023-1062.json b/cusa/O/opusfile/opusfile-0.11-5_openEuler-SA-2023-1062.json index 58731d5..5d41053 100644 --- a/cusa/O/opusfile/opusfile-0.11-5_openEuler-SA-2023-1062.json +++ b/cusa/O/opusfile/opusfile-0.11-5_openEuler-SA-2023-1062.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1062", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1062", "title": "An update for opusfile is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "The opusfile library provides seeking, decode, and playback of Opus streams in the Ogg container (.opus files) including over http(s) on posix and windows systems. opusfile depends on libopus and libogg.The included opusurl library for http(s) access depends on opusfile and openssl.\r\n\r\nSecurity Fix(es):\r\n\r\nA null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.(CVE-2022-47021)", "cves": [ { "id": "CVE-2022-47021", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47021", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/a/A-Tune-Collector/atune-collector-1.1.0-8_openEuler-SA-2024-1273.json b/cusa/a/A-Tune-Collector/atune-collector-1.1.0-8_openEuler-SA-2024-1273.json index f8e2d6c..3442ee2 100644 --- a/cusa/a/A-Tune-Collector/atune-collector-1.1.0-8_openEuler-SA-2024-1273.json +++ b/cusa/a/A-Tune-Collector/atune-collector-1.1.0-8_openEuler-SA-2024-1273.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1273", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1273", "title": "An update for A-Tune-Collector is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "A-Tune-Collector is used to collect various system resources.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen the get method in the sched.py file in the A-Tune-Collector software package is used to obtain the process ID, shell command combination and injection risks exist. This flaw could lead to remote arbitrary command execution.(CVE-2024-24897)", "cves": [ { "id": "CVE-2024-24897", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24897", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/a/activemq/activemq-5.16.7-1_openEuler-SA-2023-1925.json b/cusa/a/activemq/activemq-5.16.7-1_openEuler-SA-2023-1925.json index 17a90e5..3bd8860 100644 --- a/cusa/a/activemq/activemq-5.16.7-1_openEuler-SA-2023-1925.json +++ b/cusa/a/activemq/activemq-5.16.7-1_openEuler-SA-2023-1925.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1925", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1925", "title": "An update for activemq is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "The most popular and powerful open source messaging and Integration Patterns server.\r\n\r\nSecurity Fix(es):\r\n\r\nOnce an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. \r\n\r\nIn details, in ActiveMQ configurations, jetty allows\norg.jolokia.http.AgentServlet to handler request to /api/jolokia\r\n\r\norg.jolokia.http.HttpRequestHandler#handlePostRequest is able to\ncreate JmxRequest through JSONObject. And calls to\norg.jolokia.http.HttpRequestHandler#executeRequest.\r\n\r\nInto deeper calling stacks,\norg.jolokia.handler.ExecHandler#doHandleRequest is able to invoke\nthrough refection.\r\n\r\nAnd then, RCE is able to be achieved via\njdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11.\r\n\r\n1 Call newRecording.\r\n\r\n2 Call setConfiguration. And a webshell data hides in it.\r\n\r\n3 Call startRecording.\r\n\r\n4 Call copyTo method. The webshell will be written to a .jsp file.\r\n\r\nThe mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia.\nA more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.\n(CVE-2022-41678)", "cves": [ { "id": "CVE-2022-41678", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41678", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file 
diff --git a/cusa/a/amanda/amanda-3.5.1-21_openEuler-SA-2023-1149.json b/cusa/a/amanda/amanda-3.5.1-21_openEuler-SA-2023-1149.json index da76b0f..881ad6f 100644 --- a/cusa/a/amanda/amanda-3.5.1-21_openEuler-SA-2023-1149.json +++ b/cusa/a/amanda/amanda-3.5.1-21_openEuler-SA-2023-1149.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1149", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1149", "title": "An update for amanda is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Moderate", + "severity": "Medium", "description": "AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup system that allows the administrator of a LAN to set up a single master backup server to back up multiple hosts to a single large capacity tape or disk drive. Amanda uses native tools (such as GNUtar, dump) for backup and can back up a large number of workstations running multiple versions of Unix/Mac OS X/Linux/Windows.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in Amanda. The `runtar` SUID binary executes /usr/bin/tar as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user \"amandabackup\" to root.(CVE-2022-37705)\r\n\r\nA flaw was found in Amanda. The `rundump` SUID binary executes /usr/sbin/dump as root without properly validating its arguments, possibly leading to escalation of privileges from the regular user \"amandabackup\" to root.(CVE-2022-37704)", "cves": [ { "id": "CVE-2022-37704", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37704", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/a/amanda/amanda-3.5.4-1_openEuler-SA-2023-1507.json b/cusa/a/amanda/amanda-3.5.4-1_openEuler-SA-2023-1507.json index 0b60d9f..4f6a3b9 100644 --- a/cusa/a/amanda/amanda-3.5.4-1_openEuler-SA-2023-1507.json 
+++ b/cusa/a/amanda/amanda-3.5.4-1_openEuler-SA-2023-1507.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1507", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1507", "title": "An update for amanda is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup system that allows the administrator of a LAN to set up a single master backup server to back up multiple hosts to a single large capacity tape or disk drive. Amanda uses native tools (such as GNUtar, dump) for backup and can back up a large number of workstations running multiple versions of Unix/Mac OS X/Linux/Windows.\n\nSecurity Fix(es):\n\nAMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705.(CVE-2023-30577)", "cves": [ { "id": "CVE-2023-30577", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30577", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/a/ansible/ansible-2.9.27-4_openEuler-SA-2024-1190.json b/cusa/a/ansible/ansible-2.9.27-4_openEuler-SA-2024-1190.json index 300ff69..32fecf7 100644 --- a/cusa/a/ansible/ansible-2.9.27-4_openEuler-SA-2024-1190.json +++ b/cusa/a/ansible/ansible-2.9.27-4_openEuler-SA-2024-1190.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1190", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1190", "title": "An update for ansible is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Moderate", + "severity": "Medium", "description": "Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. %if 0 Provides: ansible-python3 = - Obsoletes: ansible-python3 < - BuildRequires: python3-devel python3-setuptools BuildRequires: python3-PyYAML python3-paramiko python3-crypto python3-packaging BuildRequires: python3-pexpect python3-winrm BuildRequires: git-core %if %with_docs BuildRequires: python3-sphinx python3-sphinx-theme-alabaster asciidoc %endif BuildRequires: python3-six python3-nose python3-pytest python3-pytest-xdist BuildRequires: python3-pytest-mock python3-requests python3-coverage python3-mock BuildRequires: python3-boto3 python3-botocore python3-passlib python3-jinja2 Requires: python3-PyYAML python3-paramiko python3-crypto python3-setuptools python3-six Requires: python3-jinja2 sshpass python3-jmespath %description Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. This package installs versions of ansible that execute on Python3. 
%endif\r\n\r\nSecurity Fix(es):\r\n\r\nAn information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. It was discovered that information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.(CVE-2024-0690)", "cves": [ { "id": "CVE-2024-0690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0690", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/a/apache-commons-fileupload/apache-commons-fileupload-1.4-2_openEuler-SA-2023-1155.json b/cusa/a/apache-commons-fileupload/apache-commons-fileupload-1.4-2_openEuler-SA-2023-1155.json index 08b4e00..59bf89d 100644 --- a/cusa/a/apache-commons-fileupload/apache-commons-fileupload-1.4-2_openEuler-SA-2023-1155.json +++ b/cusa/a/apache-commons-fileupload/apache-commons-fileupload-1.4-2_openEuler-SA-2023-1155.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1155", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1155", "title": "An update for apache-commons-fileupload is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "The javax.servlet package lacks support for RFC-1867, HTML file upload. This package provides a simple to use API for working with such data. The scope of this package is to create a package of Java utility classes to read multipart/form-data within a javax.servlet.http.HttpServletRequest.\r\n\r\nSecurity Fix(es):\r\n\r\nApache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.(CVE-2023-24998)", "cves": [ { "id": "CVE-2023-24998", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/a/apache-commons-net/apache-commons-net-3.6-7_openEuler-SA-2023-1882.json b/cusa/a/apache-commons-net/apache-commons-net-3.6-7_openEuler-SA-2023-1882.json index 65dc0e2..1dcd0e6 100644 --- a/cusa/a/apache-commons-net/apache-commons-net-3.6-7_openEuler-SA-2023-1882.json +++ b/cusa/a/apache-commons-net/apache-commons-net-3.6-7_openEuler-SA-2023-1882.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1882", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1882", "title": "An update for apache-commons-net is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "Apache Commons Net library contains a collection of network utilities and protocol implementations. Supported protocols include: Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, Whois\r\n\r\nSecurity Fix(es):\r\n\r\nPrior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.(CVE-2021-37533)", "cves": [ { "id": "CVE-2021-37533", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37533", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/a/apache-mime4j/apache-mime4j-0.8.1-3_openEuler-SA-2024-1475.json b/cusa/a/apache-mime4j/apache-mime4j-0.8.1-3_openEuler-SA-2024-1475.json index 076af54..28998f1 100644 --- a/cusa/a/apache-mime4j/apache-mime4j-0.8.1-3_openEuler-SA-2024-1475.json +++ b/cusa/a/apache-mime4j/apache-mime4j-0.8.1-3_openEuler-SA-2024-1475.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1475", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1475", "title": "An update for apache-mime4j is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Java stream based MIME message parser.\r\n\r\nSecurity Fix(es):\r\n\r\nImproper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.\nThis can be exploited by an attacker to add unintended headers to MIME messages.\n(CVE-2024-21742)", "cves": [ { "id": "CVE-2024-21742", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21742", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/a/apache-sshd/apache-sshd-2.9.2-2_openEuler-SA-2024-1079.json b/cusa/a/apache-sshd/apache-sshd-2.9.2-2_openEuler-SA-2024-1079.json index 0ddcbe1..a26387b 100644 --- a/cusa/a/apache-sshd/apache-sshd-2.9.2-2_openEuler-SA-2024-1079.json +++ b/cusa/a/apache-sshd/apache-sshd-2.9.2-2_openEuler-SA-2024-1079.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1079", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1079", "title": "An update for apache-sshd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Moderate", + "severity": "Medium", "description": "Apache SSHD is a 100% pure java library to support the SSH protocols on both the client and server side.\r\n\r\nSecurity Fix(es):\r\n\r\nExposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\r\n\r\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover \"exists/does not exist\" information about items outside the rooted tree via paths including parent navigation (\"..\") beyond the root, or involving symlinks.\r\n\r\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n(CVE-2023-35887)", "cves": [ { "id": "CVE-2023-35887", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/a/apache-sshd/apache-sshd-2.9.2-3_openEuler-SA-2024-1101.json b/cusa/a/apache-sshd/apache-sshd-2.9.2-3_openEuler-SA-2024-1101.json index 35a31d8..41cda93 100644 --- a/cusa/a/apache-sshd/apache-sshd-2.9.2-3_openEuler-SA-2024-1101.json +++ b/cusa/a/apache-sshd/apache-sshd-2.9.2-3_openEuler-SA-2024-1101.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1101", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1101", "title": "An update for apache-sshd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Moderate", + "severity": "Medium", "description": "Apache SSHD is a 100% pure java library to support the SSH protocols on both the client and server side.\r\n\r\nSecurity Fix(es):\r\n\r\nThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. 
This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795)", "cves": [ { "id": "CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-2_openEuler-SA-2023-1899.json b/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-2_openEuler-SA-2023-1899.json index bb75e79..3b86926 100644 --- a/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-2_openEuler-SA-2023-1899.json +++ b/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-2_openEuler-SA-2023-1899.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1899", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1899", "title": "An update for arm-trusted-firmware is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor.\r\n\r\nSecurity Fix(es):\r\n\r\nTrusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.(CVE-2022-47630)", "cves": [ { "id": "CVE-2022-47630", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47630", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-4_openEuler-SA-2024-1264.json b/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-4_openEuler-SA-2024-1264.json index 6b54a64..ccde546 100644 --- a/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-4_openEuler-SA-2024-1264.json +++ b/cusa/a/arm-trusted-firmware/arm-trusted-firmware-2.3-4_openEuler-SA-2024-1264.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1264", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1264", "title": "An update for arm-trusted-firmware is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "Trusted Firmware-A is a reference implementation of secure world software for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor.\r\n\r\nSecurity Fix(es):\r\n\r\nTrusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however.(CVE-2023-49100)", "cves": [ { "id": "CVE-2023-49100", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49100", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/a/assimp/config.json b/cusa/a/assimp/config.json new file mode 100644 index 0000000..f9a5d9b --- /dev/null +++ b/cusa/a/assimp/config.json @@ -0,0 +1,5 @@ +{ + "upstream": "22.03-LTS", + "autobuild": true, + "fixed_version": "" +} \ No newline at end of file 
diff --git a/cusa/a/atril/atril-1.22.3-3_openEuler-SA-2024-1247.json b/cusa/a/atril/atril-1.22.3-3_openEuler-SA-2024-1247.json index 8f06a59..43031a9 100644 --- a/cusa/a/atril/atril-1.22.3-3_openEuler-SA-2024-1247.json +++ b/cusa/a/atril/atril-1.22.3-3_openEuler-SA-2024-1247.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1247", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1247", "title": "An update for atril is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Mate-document-viewer is simple document viewer. It can display and print Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS), DVI, DJVU, epub and XPS files. When supported by the document format, mate-document-viewer allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents bookmarks and editing of forms.\r\n\r\nSecurity Fix(es):\r\n\r\nAtril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.(CVE-2023-52076)", "cves": [ { "id": "CVE-2023-52076", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52076", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/a/atril/atril-1.22.3-4_openEuler-SA-2024-1493.json b/cusa/a/atril/atril-1.22.3-4_openEuler-SA-2024-1493.json index da9e299..0f3ba1e 100644 --- a/cusa/a/atril/atril-1.22.3-4_openEuler-SA-2024-1493.json 
+++ b/cusa/a/atril/atril-1.22.3-4_openEuler-SA-2024-1493.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1493", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1493", "title": "An update for atril is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Mate-document-viewer is simple document viewer. It can display and print Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS), DVI, DJVU, epub and XPS files. When supported by the document format, mate-document-viewer allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents bookmarks and editing of forms.\r\n\r\nSecurity Fix(es):\r\n\r\nAtril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.\n(CVE-2023-51698)", "cves": [ { "id": "CVE-2023-51698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51698", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/a/avahi/avahi-0.8-15_openEuler-SA-2023-1240.json b/cusa/a/avahi/avahi-0.8-15_openEuler-SA-2023-1240.json index 88940d5..9ab36b4 100644 --- a/cusa/a/avahi/avahi-0.8-15_openEuler-SA-2023-1240.json +++ b/cusa/a/avahi/avahi-0.8-15_openEuler-SA-2023-1240.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1240", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1240", "title": "An update for avahi is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Moderate", + "severity": "Medium", "description": "Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared.\r\n\r\nSecurity Fix(es):\r\n\r\nIt was discovered that the avahi deamon can be locally crashed by a dbus call made by an unprivileged user, causing a denial of service.\r\n\r\nReferences:\r\n\r\nhttps://github.com/lathiat/avahi/issues/375(CVE-2023-1981)", "cves": [ { "id": "CVE-2023-1981", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1981", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/a/avahi/avahi-0.8-16_openEuler-SA-2023-1758.json b/cusa/a/avahi/avahi-0.8-16_openEuler-SA-2023-1758.json index 30a698d..6919539 100644 --- a/cusa/a/avahi/avahi-0.8-16_openEuler-SA-2023-1758.json +++ b/cusa/a/avahi/avahi-0.8-16_openEuler-SA-2023-1758.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1758", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1758", "title": "An update for avahi is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared.\r\n\r\nSecurity Fix(es):\r\n\r\nA reachable assertion was found in avahi_escape_label.\r\n\r\nReferences:\r\n\r\nhttps://github.com/lathiat/avahi/issues/454(CVE-2023-38470)", "cves": [ { "id": "CVE-2023-38470", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38470", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1793.json b/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1793.json index ca08236..ee2f541 100644 --- a/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1793.json +++ b/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1793.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1793", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1793", "title": "An update for avahi is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.(CVE-2023-38471)\r\n\r\nA vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.(CVE-2023-38472)\r\n\r\nA vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.(CVE-2023-38473)", "cves": [ { "id": "CVE-2023-38473", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38473", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1812.json b/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1812.json index 511dcd1..0c8edf1 100644 --- a/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1812.json +++ b/cusa/a/avahi/avahi-0.8-17_openEuler-SA-2023-1812.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1812", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1812", "title": "An update for avahi is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. This enables you to plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.(CVE-2023-38469)", "cves": [ { "id": "CVE-2023-38469", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38469", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/a/avro/avro-1.10.2-4_openEuler-SA-2023-1950.json b/cusa/a/avro/avro-1.10.2-4_openEuler-SA-2023-1950.json index 95d261d..7ec503b 100644 --- a/cusa/a/avro/avro-1.10.2-4_openEuler-SA-2023-1950.json +++ b/cusa/a/avro/avro-1.10.2-4_openEuler-SA-2023-1950.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1950", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1950", "title": "An update for avro is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "Apache Avro is a data serialization system.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue.(CVE-2021-43045)", "cves": [ { "id": "CVE-2021-43045", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43045", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/b/batik/batik-1.10-7_openEuler-SA-2023-1051.json b/cusa/b/batik/batik-1.10-7_openEuler-SA-2023-1051.json index e138aff..348b862 100644 --- a/cusa/b/batik/batik-1.10-7_openEuler-SA-2023-1051.json +++ b/cusa/b/batik/batik-1.10-7_openEuler-SA-2023-1051.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1051", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1051", "title": "An update for batik is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Batik is an inline templating engine for CoffeeScript, inspired by CoffeeKup, that lets you write your template directly as a CoffeeScript function.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16. It is recommended to update to version 1.16.(CVE-2022-41704)\r\n\r\nA vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16.(CVE-2022-42890)", "cves": [ { "id": "CVE-2022-42890", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42890", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/b/batik/batik-1.17-1_openEuler-SA-2023-1651.json b/cusa/b/batik/batik-1.17-1_openEuler-SA-2023-1651.json index 8dc8242..6cc2aa3 100644 --- a/cusa/b/batik/batik-1.17-1_openEuler-SA-2023-1651.json +++ b/cusa/b/batik/batik-1.17-1_openEuler-SA-2023-1651.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1651", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1651", "title": "An update for batik is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "Batik is an inline templating engine for CoffeeScript, inspired by CoffeeKup, that lets you write your template directly as a CoffeeScript function.\r\n\r\nSecurity Fix(es):\r\n\r\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14.(CVE-2022-38398)\r\n\r\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.(CVE-2022-38648)\r\n\r\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.(CVE-2022-40146)\r\n\r\nServer-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\r\n\r\nOn version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. 
Users are recommended to upgrade to version 1.17 or later.\r\n\r\n(CVE-2022-44729)\r\n\r\nServer-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\r\n\r\nA malicious SVG can probe user profile / data and send it directly as parameter to a URL.\r\n\r\n(CVE-2022-44730)", "cves": [ { "id": "CVE-2022-44730", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44730", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/b/bcel/bcel-6.4.1-2_openEuler-SA-2022-1977.json b/cusa/b/bcel/bcel-6.4.1-2_openEuler-SA-2022-1977.json index 46ece95..f9002db 100644 --- a/cusa/b/bcel/bcel-6.4.1-2_openEuler-SA-2022-1977.json +++ b/cusa/b/bcel/bcel-6.4.1-2_openEuler-SA-2022-1977.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1977", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1977", "title": "An update for bcel is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "The Byte Code Engineering Library (formerly known as JavaClass) is intended to give users a convenient possibility to analyze, create, and manipulate (binary) Java class files (those ending with .class).\r\n\r\nSecurity Fix(es):\r\n\r\nThe Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.(CVE-2022-34169)", "cves": [ { "id": "CVE-2022-34169", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/b/bind/bind-9.16.23-11_openEuler-SA-2022-1983.json b/cusa/b/bind/bind-9.16.23-11_openEuler-SA-2022-1983.json index 760abb5..c323181 100644 --- a/cusa/b/bind/bind-9.16.23-11_openEuler-SA-2022-1983.json +++ b/cusa/b/bind/bind-9.16.23-11_openEuler-SA-2022-1983.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1983", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1983", "title": "An update for bind is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.\r\n\r\nSecurity Fix(es):\r\n\r\nBy sending specific queries to the resolver, an attacker can cause named to crash.(CVE-2022-3080)\r\n\r\nBy spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.(CVE-2022-38177)\r\n\r\nBy spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.(CVE-2022-38178)\r\n\r\nBy flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.(CVE-2022-2795)\r\n\r\nThe underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.(CVE-2022-2881)\r\n\r\nAn attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. 
Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.(CVE-2022-2906)", "cves": [ { "id": "CVE-2022-2906", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2906", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/b/bind/bind-9.16.23-14_openEuler-SA-2023-1067.json b/cusa/b/bind/bind-9.16.23-14_openEuler-SA-2023-1067.json index 94b8f50..ea49d2c 100644 --- a/cusa/b/bind/bind-9.16.23-14_openEuler-SA-2023-1067.json +++ b/cusa/b/bind/bind-9.16.23-14_openEuler-SA-2023-1067.json 
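Review bot: The `cves` array in this file lists only CVE-2022-2906, while the `description` on the same new side names six CVEs (CVE-2022-3080, CVE-2022-38177, CVE-2022-38178, CVE-2022-2795, CVE-2022-2881 and CVE-2022-2906), so a consumer that matches on `cves[].id` would miss five of them. The same pattern appears in the hunks for openEuler-SA-2023-1067, openEuler-SA-2024-1323, openEuler-SA-2022-1615, openEuler-SA-2023-1570, openEuler-SA-2023-1592 and openEuler-SA-2022-1922; in the last one the advisory is rated `High` but the single listed CVE is `Medium`, which suggests the higher-rated CVE-2022-39177 was dropped. These files look generated, so the fix presumably belongs in the converter rather than in the JSON: emit one entry per CVE in the existing shape, e.g. `{ "id": "CVE-2022-3080", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3080", "severity": "<SEVERITY_FROM_CVRF>" }`. If keeping only the last CVE is intentional for the cusa format, the README should say so.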
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1067", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1067", "title": "An update for bind is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.\r\n\r\nSecurity Fix(es):\r\n\r\nSending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. 
This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.(CVE-2022-3094)\r\n\r\nBIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.(CVE-2022-3736)\r\n\r\nThis issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.(CVE-2022-3924)", "cves": [ { "id": "CVE-2022-3924", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3924", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/b/bind/bind-9.16.23-18_openEuler-SA-2023-1384.json b/cusa/b/bind/bind-9.16.23-18_openEuler-SA-2023-1384.json index 5614801..bbc5006 100644 --- a/cusa/b/bind/bind-9.16.23-18_openEuler-SA-2023-1384.json +++ b/cusa/b/bind/bind-9.16.23-18_openEuler-SA-2023-1384.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1384", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1384", "title": "An update for bind is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server\r\n\r\nSecurity Fix(es):\r\n\r\nEvery `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.\r\n\r\nIt has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.(CVE-2023-2828)", "cves": [ { "id": "CVE-2023-2828", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2828", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/b/bind/bind-9.16.23-20_openEuler-SA-2023-1689.json b/cusa/b/bind/bind-9.16.23-20_openEuler-SA-2023-1689.json index dda19b4..c98743e 100644 --- a/cusa/b/bind/bind-9.16.23-20_openEuler-SA-2023-1689.json +++ b/cusa/b/bind/bind-9.16.23-20_openEuler-SA-2023-1689.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1689", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1689", "title": "An update for bind is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server.\r\n\r\nSecurity Fix(es):\r\n\r\nThe code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.\nThis issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.(CVE-2023-3341)", "cves": [ { "id": "CVE-2023-3341", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3341", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/b/bind/bind-9.16.23-21_openEuler-SA-2024-1323.json b/cusa/b/bind/bind-9.16.23-21_openEuler-SA-2024-1323.json index 400680c..37aa29a 100644 --- a/cusa/b/bind/bind-9.16.23-21_openEuler-SA-2024-1323.json +++ b/cusa/b/bind/bind-9.16.23-21_openEuler-SA-2024-1323.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1323", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1323", "title": "An update for bind is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server.\r\n\r\nSecurity Fix(es):\r\n\r\nThe DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.(CVE-2023-4408)\r\n\r\nCertain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. 
One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.(CVE-2023-50387)\r\n\r\nA flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:\r\n\r\n - `nxdomain-redirect ;` is configured, and\n - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.\nThis issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.(CVE-2023-5517)\r\n\r\nA bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled.\nThis issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.(CVE-2023-5679)\r\n\r\nTo keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. 
This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1.(CVE-2023-6516)", "cves": [ { "id": "CVE-2023-6516", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6516", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/b/bind/bind-9.16.23-8_openEuler-SA-2022-1615.json b/cusa/b/bind/bind-9.16.23-8_openEuler-SA-2022-1615.json index f5ad3e6..e435f28 100644 --- a/cusa/b/bind/bind-9.16.23-8_openEuler-SA-2022-1615.json +++ b/cusa/b/bind/bind-9.16.23-8_openEuler-SA-2022-1615.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1615", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1615", "title": "An update for bind is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.\r\n\r\nSecurity Fix(es):\r\n\r\nBIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.(CVE-2021-25220)\n\n\nBIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.(CVE-2022-0396)", "cves": [ { "id": "CVE-2022-0396", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0396", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/b/binutils/binutils-2.37-22_openEuler-SA-2023-1570.json b/cusa/b/binutils/binutils-2.37-22_openEuler-SA-2023-1570.json index defd1a7..24557e3 100644 --- a/cusa/b/binutils/binutils-2.37-22_openEuler-SA-2023-1570.json +++ b/cusa/b/binutils/binutils-2.37-22_openEuler-SA-2023-1570.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1570", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1570", "title": "An update for binutils is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "The GNU Binutils are a collection of binary tools.\r\n\r\nSecurity Fix(es):\r\n\r\nHeap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.(CVE-2021-46174)\r\n\r\nAn issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.(CVE-2022-47008)\r\n\r\nAn issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.(CVE-2022-47011)", "cves": [ { "id": "CVE-2022-47011", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47011", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/b/binutils/binutils-2.37-25_openEuler-SA-2023-1592.json b/cusa/b/binutils/binutils-2.37-25_openEuler-SA-2023-1592.json index af09a1d..909990b 100644 --- a/cusa/b/binutils/binutils-2.37-25_openEuler-SA-2023-1592.json +++ b/cusa/b/binutils/binutils-2.37-25_openEuler-SA-2023-1592.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1592", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1592", "title": "An update for binutils is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "The GNU Binutils are a collection of binary tools. The main ones are: ld - the GNU linker. as - the GNU assembler. addr2line - Converts addresses into filenames and line numbers. ar - A utility for creating, modifying and extracting from archives. c++filt - Filter to demangle encoded C++ symbols. dlltool - Creates files for building and using DLLs. gold - A new, faster, ELF only linker, still in beta test. gprof - Displays profiling information. nlmconv - Converts object code into an NLM. nm - Lists symbols from object files. objcopy - Copies and translates object files. objdump - Displays information from object files. ranlib - Generates an index to the contents of an archive. readelf - Displays information from any ELF format object file. size - Lists the section sizes of an object or archive file. strings - Lists printable strings from files. trip - Discards symbols. windmc - A Windows compatible message compiler. windres - A compiler for Windows resource files.\r\n\r\nSecurity Fix(es):\r\n\r\nAn illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.(CVE-2022-4285)\r\n\r\nGNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.(CVE-2022-48064)\r\n\r\nA potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. 
This may lead to loss of availability.(CVE-2023-1972)", "cves": [ { "id": "CVE-2023-1972", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1972", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/b/bluez/bluez-5.54-14_openEuler-SA-2022-1763.json b/cusa/b/bluez/bluez-5.54-14_openEuler-SA-2022-1763.json index 9c4ef2f..fe29dc9 100644 --- a/cusa/b/bluez/bluez-5.54-14_openEuler-SA-2022-1763.json +++ b/cusa/b/bluez/bluez-5.54-14_openEuler-SA-2022-1763.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1763", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1763", "title": "An update for bluez is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.\r\n\r\nSecurity Fix(es):\r\n\r\nBlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.(CVE-2021-41229)", "cves": [ { "id": "CVE-2021-41229", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41229", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/b/bluez/bluez-5.54-15_openEuler-SA-2022-1922.json b/cusa/b/bluez/bluez-5.54-15_openEuler-SA-2022-1922.json index 7142450..69f7f4a 100644 --- a/cusa/b/bluez/bluez-5.54-15_openEuler-SA-2022-1922.json +++ b/cusa/b/bluez/bluez-5.54-15_openEuler-SA-2022-1922.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1922", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1922", "title": "An update for bluez is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.\r\n\r\nSecurity Fix(es):\r\n\r\nBlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.(CVE-2022-39177)\r\n\r\nBlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.(CVE-2022-39176)", "cves": [ { "id": "CVE-2022-39176", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39176", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/b/bluez/bluez-5.54-17_openEuler-SA-2023-1249.json b/cusa/b/bluez/bluez-5.54-17_openEuler-SA-2023-1249.json index c3ac573..1116630 100644 --- a/cusa/b/bluez/bluez-5.54-17_openEuler-SA-2023-1249.json +++ b/cusa/b/bluez/bluez-5.54-17_openEuler-SA-2023-1249.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1249", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1249", "title": "An update for bluez is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.\r\n\r\nSecurity Fix(es):\r\n\r\n(CVE-2023-27349)", "cves": [ { "id": "CVE-2023-27349", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27349", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/b/bluez/bluez-5.54-18_openEuler-SA-2023-1948.json b/cusa/b/bluez/bluez-5.54-18_openEuler-SA-2023-1948.json index 1720d3e..67af6d3 100644 --- a/cusa/b/bluez/bluez-5.54-18_openEuler-SA-2023-1948.json +++ b/cusa/b/bluez/bluez-5.54-18_openEuler-SA-2023-1948.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1948", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1948", "title": "An update for bluez is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.\r\n\r\nSecurity Fix(es):\r\n\r\nBluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.(CVE-2023-45866)", "cves": [ { "id": "CVE-2023-45866", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45866", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1019.json b/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1019.json index 572661f..10880a3 100644 --- a/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1019.json +++ b/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1019.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1019", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1019", "title": "An update for bluez is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.\r\n\r\nSecurity Fix(es):\r\n\r\nVUL-0: CVE-2023-50230: bluez: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability(CVE-2023-50230)", "cves": [ { "id": "CVE-2023-50230", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50230", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1029.json b/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1029.json index 53368a8..59fee8c 100644 --- a/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1029.json +++ b/cusa/b/bluez/bluez-5.54-19_openEuler-SA-2024-1029.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1029", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1029", "title": "An update for bluez is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "This package provides all utilities for use in Bluetooth applications. The BLUETOOTH trademarks are owned by Bluetooth SIG, Inc., U.S.A.\r\n\r\nSecurity Fix(es):\r\n\r\nVUL-0: CVE-2023-50229: bluez: BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability(CVE-2023-50229)", "cves": [ { "id": "CVE-2023-50229", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50229", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/b/busybox/busybox-1.34.1-16_openEuler-SA-2022-1859.json b/cusa/b/busybox/busybox-1.34.1-16_openEuler-SA-2022-1859.json index 426697e..a9bb588 100644 --- a/cusa/b/busybox/busybox-1.34.1-16_openEuler-SA-2022-1859.json +++ b/cusa/b/busybox/busybox-1.34.1-16_openEuler-SA-2022-1859.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1859", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1859", "title": "An update for busybox is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system.\r\n\r\nSecurity Fix(es):\r\n\r\nA use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.(CVE-2022-30065)", "cves": [ { "id": "CVE-2022-30065", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30065", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/b/byacc/byacc-2.0.20210808-4_openEuler-SA-2023-1033.json b/cusa/b/byacc/byacc-2.0.20210808-4_openEuler-SA-2023-1033.json index 16c5062..b94b46e 100644 --- a/cusa/b/byacc/byacc-2.0.20210808-4_openEuler-SA-2023-1033.json +++ b/cusa/b/byacc/byacc-2.0.20210808-4_openEuler-SA-2023-1033.json 
@@ -2,7 +2,7 @@ "id": "openEuler-SA-2023-1033", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1033", "title": "An update for byacc is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Moderate", + "severity": "Medium", "description": "Berkeley Yacc is an LALR(1) parser generator. Berkeley Yacc has been made as compatible as possible with AT&T Yacc. Berkeley Yacc can accept any input specification that conforms to the AT&T Yacc documentation. Specifications that take advantage of undocumented features of AT&T Yacc will probably be rejected.\r\n\r\nSecurity Fix(es):\r\n\r\nNo description is available for this CVE.(CVE-2021-33641)\r\n\r\nNo description is available for this CVE.(CVE-2021-33642)", "cves": [ { diff --git a/cusa/c/c-ares/c-ares-1.18.1-4_openEuler-SA-2023-1091.json b/cusa/c/c-ares/c-ares-1.18.1-4_openEuler-SA-2023-1091.json index 3be0f8c..b0b2363 100644 --- a/cusa/c/c-ares/c-ares-1.18.1-4_openEuler-SA-2023-1091.json +++ b/cusa/c/c-ares/c-ares-1.18.1-4_openEuler-SA-2023-1091.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1091", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1091", "title": "An update for c-ares is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple\r\n\r\nSecurity Fix(es):\r\n\r\nIn ares_set_sortlist, it calls config_sortlist(..., sortstr) to parse the input str and initialize a sortlist configuration. However, ares_set_sortlist has not any checks about the validity of the input str. It is very easy to create an arbitrary length stack overflow with the unchecked memcpy(ipbuf, str, q-str); and memcpy(ipbufpfx, str, q-str); statements in the config_sortlist call, which could potentially cause severe security impact in practical programs.(CVE-2022-4904)", "cves": [ { "id": "CVE-2022-4904", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/c/c-ares/c-ares-1.18.1-5_openEuler-SA-2023-1312.json b/cusa/c/c-ares/c-ares-1.18.1-5_openEuler-SA-2023-1312.json index 09d41a8..b06b513 100644 --- a/cusa/c/c-ares/c-ares-1.18.1-5_openEuler-SA-2023-1312.json +++ b/cusa/c/c-ares/c-ares-1.18.1-5_openEuler-SA-2023-1312.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1312", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1312", "title": "An update for c-ares is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple\r\n\r\nSecurity Fix(es):\r\n\r\nc-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.(CVE-2023-32067)", "cves": [ { "id": "CVE-2023-32067", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32067", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1339.json b/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1339.json index 952fdf8..97f46a4 100644 --- a/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1339.json +++ b/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1339.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1339", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1339", "title": "An update for c-ares is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple\r\n\r\nSecurity Fix(es):\r\n\r\nc-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.(CVE-2023-31147)", "cves": [ { "id": "CVE-2023-31147", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31147", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1359.json b/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1359.json index 7ffd12e..468f198 100644 --- a/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1359.json +++ b/cusa/c/c-ares/c-ares-1.18.1-6_openEuler-SA-2023-1359.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1359", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1359", "title": "An update for c-ares is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "This is c-ares, an asynchronous resolver library. It is intended for applications which need to perform DNS queries without blocking, or need to perform multiple\n\nSecurity Fix(es):\n\nc-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular \"0::00:00:00/2\" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.\n(CVE-2023-31130)", "cves": [ { "id": "CVE-2023-31130", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31130", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/c/cfitsio/cfitsio-3.490-1_openEuler-SA-2022-1848.json b/cusa/c/cfitsio/cfitsio-3.490-1_openEuler-SA-2022-1848.json index 0e08694..0509561 100644 --- a/cusa/c/cfitsio/cfitsio-3.490-1_openEuler-SA-2022-1848.json +++ b/cusa/c/cfitsio/cfitsio-3.490-1_openEuler-SA-2022-1848.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1848", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1848", "title": "An update for cfitsio is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "\r\n\r\nSecurity Fix(es):\r\n\r\nIn the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.(CVE-2018-3849)\r\n\r\nIn the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.(CVE-2018-3848)", "cves": [ { "id": "CVE-2018-3848", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3848", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/c/cifs-utils/cifs-utils-6.14-3_openEuler-SA-2022-1626.json b/cusa/c/cifs-utils/cifs-utils-6.14-3_openEuler-SA-2022-1626.json index 165e5a8..a021ab1 100644 --- a/cusa/c/cifs-utils/cifs-utils-6.14-3_openEuler-SA-2022-1626.json +++ b/cusa/c/cifs-utils/cifs-utils-6.14-3_openEuler-SA-2022-1626.json 
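Review bot: The `cves` array in this record lists only CVE-2018-3848, while the `description` in the same hunk also names CVE-2018-3849 as fixed, so anything that matches on `cves[].id` will not see the second CVE. The same gap shows in the cifs-utils openEuler-SA-2022-1626 hunk (CVE-2022-29869 absent), the clamav openEuler-SA-2022-1683 hunk (CVE-2022-20770, CVE-2022-20771 and CVE-2022-20785 absent) and the containerd openEuler-SA-2023-1147 hunk (CVE-2023-25153 absent; there the advisory is rated `High` while its only listed CVE is `Medium`). These files appear to be converter output, so the fix presumably belongs in the converter, which should emit one entry per CVE in the source advisory, e.g. `{ "id": "CVE-2018-3849", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3849", "severity": "<severity from the CVRF record>" }`. Until then, a consumer should not treat `cves` as the complete list for an advisory.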
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1626", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1626", "title": "An update for cifs-utils is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "The in-kernel CIFS filesystem is generally the preferred method for mounting SMB/CIFS shares on Linux. The in-kernel CIFS filesystem relies on a set of user-space tools. That package of tools is called cifs-utils.Although not really part of Samba proper, these tools were originally part of the Samba package. For several reasons, shipping these tools as part of Samba was problematic and it was deemed better to split them off into their own package.\r\n\r\nSecurity Fix(es):\r\n\r\ncifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.(CVE-2022-29869)\n\nIn cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.(CVE-2022-27239)", "cves": [ { "id": "CVE-2022-27239", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27239", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/c/cjose/cjose-0.6.2.2-1_openEuler-SA-2023-1441.json b/cusa/c/cjose/cjose-0.6.2.2-1_openEuler-SA-2023-1441.json index 1f1e178..e206604 100644 --- a/cusa/c/cjose/cjose-0.6.2.2-1_openEuler-SA-2023-1441.json +++ b/cusa/c/cjose/cjose-0.6.2.2-1_openEuler-SA-2023-1441.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1441", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1441", "title": "An update for cjose is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "Implementation of JOSE for C/C++\n\nSecurity Fix(es):\n\nOpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC).(CVE-2023-37464)", "cves": [ { "id": "CVE-2023-37464", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37464", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/c/clamav/clamav-0.103.6-3_openEuler-SA-2022-1683.json b/cusa/c/clamav/clamav-0.103.6-3_openEuler-SA-2022-1683.json index e689b8f..a797ba9 100644 --- a/cusa/c/clamav/clamav-0.103.6-3_openEuler-SA-2022-1683.json +++ b/cusa/c/clamav/clamav-0.103.6-3_openEuler-SA-2022-1683.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1683", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1683", "title": "An update for clamav is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Clam AntiVirus (clamav) is an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. he virus database is based on the virus database from OpenAntiVirus, but contains additional signatures and is KEPT UP TO DATE.\n\nSecurity Fix(es):\n\nOn April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.(CVE-2022-20770)\n\nOn April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. 
This advisory will be updated as additional information becomes available.(CVE-2022-20771)\n\nOn April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.(CVE-2022-20785)\n\nFixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module. The fix was to update the vendored regex library to the latest version. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for reporting this issue.(CVE-2022-20792)", "cves": [ { "id": "CVE-2022-20792", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20792", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/c/clamav/clamav-0.103.9-1_openEuler-SA-2023-1559.json b/cusa/c/clamav/clamav-0.103.9-1_openEuler-SA-2023-1559.json index 52a7ff7..75969a5 100644 --- a/cusa/c/clamav/clamav-0.103.9-1_openEuler-SA-2023-1559.json +++ b/cusa/c/clamav/clamav-0.103.9-1_openEuler-SA-2023-1559.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1559", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1559", "title": "An update for clamav is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Clam AntiVirus (clamav) is an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. he virus database is based on the virus database from OpenAntiVirus, but contains additional signatures and is KEPT UP TO DATE.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources.\r\n\r For a description of this vulnerability, see the ClamAV blog .(CVE-2023-20197)", "cves": [ { "id": "CVE-2023-20197", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20197", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file 
diff --git a/cusa/c/cloud-init/cloud-init-21.4-11_openEuler-SA-2023-1290.json b/cusa/c/cloud-init/cloud-init-21.4-11_openEuler-SA-2023-1290.json index c7253cb..ea62c68 100644 --- a/cusa/c/cloud-init/cloud-init-21.4-11_openEuler-SA-2023-1290.json +++ b/cusa/c/cloud-init/cloud-init-21.4-11_openEuler-SA-2023-1290.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1290", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1290", "title": "An update for cloud-init is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Moderate", + "severity": "Medium", "description": "Cloud-init is the defacto multi-distribution package that handles early initialization of a cloud instance.\r\n\r\nSecurity Fix(es):\r\n\r\nSensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.(CVE-2022-2084)", "cves": [ { "id": "CVE-2022-2084", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2084", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/c/cloud-init/cloud-init-21.4-13_openEuler-SA-2023-1297.json b/cusa/c/cloud-init/cloud-init-21.4-13_openEuler-SA-2023-1297.json index 11d3aa8..76a2aed 100644 --- a/cusa/c/cloud-init/cloud-init-21.4-13_openEuler-SA-2023-1297.json +++ b/cusa/c/cloud-init/cloud-init-21.4-13_openEuler-SA-2023-1297.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1297", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1297", "title": "An update for cloud-init is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Moderate", + "severity": "Medium", "description": "Cloud-init is the defacto multi-distribution package that handles early initialization of a cloud instance.\r\n\r\nSecurity Fix(es):\r\n\r\nSensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.(CVE-2023-1786)", "cves": [ { "id": "CVE-2023-1786", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1786", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/c/cockpit/cockpit-178-14_openEuler-SA-2024-1552.json b/cusa/c/cockpit/cockpit-178-14_openEuler-SA-2024-1552.json index 4dd7c8b..39eb526 100644 --- a/cusa/c/cockpit/cockpit-178-14_openEuler-SA-2024-1552.json +++ b/cusa/c/cockpit/cockpit-178-14_openEuler-SA-2024-1552.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1552", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1552", "title": "An update for cockpit is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Moderate", + "severity": "Medium", "description": "Cockpit makes GNU/Linux discoverable. See Linux server in a web browser and perform system tasks with a mouse. It’s easy to start containers, administer storage, configure networks, and inspect logs with this package.\r\n\r\nSecurity Fix(es):\r\n\r\nAn SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states \"I don't think [it] is a big real-life issue.(CVE-2020-35850)", "cves": [ { "id": "CVE-2020-35850", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35850", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/c/colord/colord-1.4.5-4_openEuler-SA-2022-1914.json b/cusa/c/colord/colord-1.4.5-4_openEuler-SA-2022-1914.json index e8a17b3..905a027 100644 --- a/cusa/c/colord/colord-1.4.5-4_openEuler-SA-2022-1914.json +++ b/cusa/c/colord/colord-1.4.5-4_openEuler-SA-2022-1914.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1914", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1914", "title": "An update for colord is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "colord is a system service that makes it easy to manage, install and generate color profiles to accurately color manage input and output devices.\r\n\r\nSecurity Fix(es):\r\n\r\nThere are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.(CVE-2021-42523)", "cves": [ { "id": "CVE-2021-42523", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42523", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/c/containerd/containerd-1.2.0-301_openEuler-SA-2022-1671.json b/cusa/c/containerd/containerd-1.2.0-301_openEuler-SA-2022-1671.json index 44052ae..30171c2 100644 --- a/cusa/c/containerd/containerd-1.2.0-301_openEuler-SA-2022-1671.json +++ b/cusa/c/containerd/containerd-1.2.0-301_openEuler-SA-2022-1671.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1671", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1671", "title": "An update for containerd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.\n\nSecurity Fix(es):\n\ncontainerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.(CVE-2022-23648)", "cves": [ { "id": "CVE-2022-23648", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23648", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/c/containerd/containerd-1.2.0-303_openEuler-SA-2022-1743.json b/cusa/c/containerd/containerd-1.2.0-303_openEuler-SA-2022-1743.json index 93a30c2..cae26a7 100644 --- a/cusa/c/containerd/containerd-1.2.0-303_openEuler-SA-2022-1743.json +++ b/cusa/c/containerd/containerd-1.2.0-303_openEuler-SA-2022-1743.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1743", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1743", "title": "An update for containerd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.\r\n\r\nSecurity Fix(es):\r\n\r\ncontainerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an \"exec\" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.(CVE-2022-31030)", "cves": [ { "id": "CVE-2022-31030", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31030", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/c/containerd/containerd-1.2.0-307_openEuler-SA-2022-2143.json b/cusa/c/containerd/containerd-1.2.0-307_openEuler-SA-2022-2143.json index 038a6f4..87119b0 100644 --- a/cusa/c/containerd/containerd-1.2.0-307_openEuler-SA-2022-2143.json +++ b/cusa/c/containerd/containerd-1.2.0-307_openEuler-SA-2022-2143.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2143", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2143", "title": "An update for containerd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.\r\n\r\nSecurity Fix(es):\r\n\r\ncontainerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers.(CVE-2022-23471)", "cves": [ { "id": "CVE-2022-23471", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23471", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/c/containerd/containerd-1.2.0-310_openEuler-SA-2023-1147.json b/cusa/c/containerd/containerd-1.2.0-310_openEuler-SA-2023-1147.json index aa0485e..568c727 100644 
--- a/cusa/c/containerd/containerd-1.2.0-310_openEuler-SA-2023-1147.json +++ b/cusa/c/containerd/containerd-1.2.0-310_openEuler-SA-2023-1147.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1147", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1147", "title": "An update for containerd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.\r\n\r\nSecurity Fix(es):\r\n\r\ncontainerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.(CVE-2023-25153)\r\n\r\ncontainerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. 
Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `\"USER $USERNAME\"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT [\"su\", \"-\", \"user\"]` to allow `su` to properly set up supplementary groups.(CVE-2023-25173)", "cves": [ { "id": "CVE-2023-25173", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25173", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/c/containerd/containerd-1.2.0-316_openEuler-SA-2024-1126.json b/cusa/c/containerd/containerd-1.2.0-316_openEuler-SA-2024-1126.json index 37598cf..5120c3d 100644 --- a/cusa/c/containerd/containerd-1.2.0-316_openEuler-SA-2024-1126.json +++ b/cusa/c/containerd/containerd-1.2.0-316_openEuler-SA-2024-1126.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1126", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1126", "title": "An update for containerd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.\r\n\r\nSecurity Fix(es):\r\n\r\nA malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. 
This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.(CVE-2023-39325)", "cves": [ { "id": "CVE-2023-39325", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/c/containerd/containerd-1.2.0-317_openEuler-SA-2024-1181.json b/cusa/c/containerd/containerd-1.2.0-317_openEuler-SA-2024-1181.json index 064d5a6..8dad463 100644 --- a/cusa/c/containerd/containerd-1.2.0-317_openEuler-SA-2024-1181.json +++ b/cusa/c/containerd/containerd-1.2.0-317_openEuler-SA-2024-1181.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1181", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1181", "title": "An update for containerd is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.\r\n\r\nSecurity Fix(es):\r\n\r\nA maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.(CVE-2022-41723)", "cves": [ { "id": "CVE-2022-41723", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/c/containernetworking-plugins/containernetworking-plugins-1.1.1-4_openEuler-SA-2024-1074.json b/cusa/c/containernetworking-plugins/containernetworking-plugins-1.1.1-4_openEuler-SA-2024-1074.json index 528563a..456dfab 100644 
--- a/cusa/c/containernetworking-plugins/containernetworking-plugins-1.1.1-4_openEuler-SA-2024-1074.json +++ b/cusa/c/containernetworking-plugins/containernetworking-plugins-1.1.1-4_openEuler-SA-2024-1074.json @@ -8,7 +8,7 @@ { "id": "CVE-2023-24538", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/c/cpp-httplib/cpp-httplib-0.12.4-1_openEuler-SA-2023-1365.json b/cusa/c/cpp-httplib/cpp-httplib-0.12.4-1_openEuler-SA-2023-1365.json index 48c082c..a3c99d1 100644 --- a/cusa/c/cpp-httplib/cpp-httplib-0.12.4-1_openEuler-SA-2023-1365.json +++ b/cusa/c/cpp-httplib/cpp-httplib-0.12.4-1_openEuler-SA-2023-1365.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1365", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1365", "title": "An update for cpp-httplib is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code\r\n\r\nSecurity Fix(es):\r\n\r\nVersions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors.\r\n\r\n**Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).(CVE-2023-26130)", "cves": [ { "id": "CVE-2023-26130", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26130", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/c/crash/crash-7.3.0-6_openEuler-SA-2022-2002.json b/cusa/c/crash/crash-7.3.0-6_openEuler-SA-2022-2002.json index f34b0df..3c3a58b 100644 
--- a/cusa/c/crash/crash-7.3.0-6_openEuler-SA-2022-2002.json +++ b/cusa/c/crash/crash-7.3.0-6_openEuler-SA-2022-2002.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2002", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2002", "title": "An update for crash is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "The core analysis suite is a self-contained tool that can be used to investigate either live systems, kernel core dumps created from dump creation facilities such as kdump, kvmdump, xendump, the netdump and diskdump packages offered by Red Hat, the LKCD kernel patch, the mcore kernel patch created by Mission Critical Linux, as well as other formats created by manufacturer-specific firmware.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet.(CVE-2019-1010180)", "cves": [ { "id": "CVE-2019-1010180", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010180", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/c/cups-filters/cups-filters-1.28.9-3_openEuler-SA-2023-1315.json b/cusa/c/cups-filters/cups-filters-1.28.9-3_openEuler-SA-2023-1315.json index f3a49fd..48c6356 100644 --- a/cusa/c/cups-filters/cups-filters-1.28.9-3_openEuler-SA-2023-1315.json +++ b/cusa/c/cups-filters/cups-filters-1.28.9-3_openEuler-SA-2023-1315.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1315", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1315", "title": "An update for cups-filters is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "This project provides backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters and software developed independently of Apple, especially filters for the PDF-centric printing workflow introduced by OpenPrinting and a daemon to browse Bonjour broadcasts of remote CUPS printers to make these printers available locally and to provide backward compatibility to the old CUPS broadcasting and browsing of CUPS 1.5.x and older.\r\n\r\nSecurity Fix(es):\r\n\r\ncups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. 
Users are advised to upgrade when possible and to restrict access to network printers in the meantime.(CVE-2023-24805)", "cves": [ { "id": "CVE-2023-24805", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24805", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/c/cups/cups-2.4.0-10_openEuler-SA-2023-1752.json b/cusa/c/cups/cups-2.4.0-10_openEuler-SA-2023-1752.json index 9244f18..db2d15e 100644 --- a/cusa/c/cups/cups-2.4.0-10_openEuler-SA-2023-1752.json +++ b/cusa/c/cups/cups-2.4.0-10_openEuler-SA-2023-1752.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1752", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1752", "title": "An update for cups is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol (IPP) to support printing to local and network printers..\r\n\r\nSecurity Fix(es):\r\n\r\nDue to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.\n(CVE-2023-4504)", "cves": [ { "id": "CVE-2023-4504", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4504", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/c/cups/cups-2.4.0-3_openEuler-SA-2022-1708.json b/cusa/c/cups/cups-2.4.0-3_openEuler-SA-2022-1708.json index e8b4ea9..e089b7e 100644 --- a/cusa/c/cups/cups-2.4.0-3_openEuler-SA-2022-1708.json +++ b/cusa/c/cups/cups-2.4.0-3_openEuler-SA-2022-1708.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1708", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1708", "title": "An update for cups is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol (IPP) to support printing to local and network printers.\r\n\r\nSecurity Fix(es):\r\n\r\nA logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.(CVE-2022-26691)", "cves": [ { "id": "CVE-2022-26691", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26691", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/c/cups/cups-2.4.0-5_openEuler-SA-2023-1335.json b/cusa/c/cups/cups-2.4.0-5_openEuler-SA-2023-1335.json index b74d90c..a771667 100644 --- a/cusa/c/cups/cups-2.4.0-5_openEuler-SA-2023-1335.json +++ b/cusa/c/cups/cups-2.4.0-5_openEuler-SA-2023-1335.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1335", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1335", "title": "An update for cups is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol (IPP) to support printing to local and network printers.\r\n\r\nSecurity Fix(es):\r\n\r\nOpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication.(CVE-2023-32324)", "cves": [ { "id": "CVE-2023-32324", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32324", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/c/cups/cups-2.4.0-8_openEuler-SA-2023-1410.json b/cusa/c/cups/cups-2.4.0-8_openEuler-SA-2023-1410.json index 9c1691f..f6a040d 100644 --- a/cusa/c/cups/cups-2.4.0-8_openEuler-SA-2023-1410.json +++ b/cusa/c/cups/cups-2.4.0-8_openEuler-SA-2023-1410.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1410", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1410", "title": "An update for cups is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "\n\nSecurity Fix(es):\n\nOpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.\n\nThe exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.\n\nVersion 2.4.6 has a patch for this issue.(CVE-2023-34241)", "cves": [ { "id": "CVE-2023-34241", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34241", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/c/curl/curl-7.79.1-12_openEuler-SA-2022-2041.json b/cusa/c/curl/curl-7.79.1-12_openEuler-SA-2022-2041.json index c96436f..5cc968a 100644 --- a/cusa/c/curl/curl-7.79.1-12_openEuler-SA-2022-2041.json +++ b/cusa/c/curl/curl-7.79.1-12_openEuler-SA-2022-2041.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2041", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2041", "title": "An update for curl is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "CURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.\r\n\r\nSecurity Fix(es):\r\n\r\ncurl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.(CVE-2022-42915)\r\n\r\nA vulnerability was found in curl. The issue occurs when doing HTTP(S) transfers, where curl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set if it previously used the same handle to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request.(CVE-2022-32221)\r\n\r\nIn curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. 
This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.(CVE-2022-42916)", "cves": [ { "id": "CVE-2022-42916", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42916", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/c/curl/curl-7.79.1-13_openEuler-SA-2023-1007.json b/cusa/c/curl/curl-7.79.1-13_openEuler-SA-2023-1007.json index 1cbcb4e..aaa7304 100644 --- a/cusa/c/curl/curl-7.79.1-13_openEuler-SA-2023-1007.json +++ b/cusa/c/curl/curl-7.79.1-13_openEuler-SA-2023-1007.json 
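Review bot: The `cves` array in this record holds only CVE-2022-42916, while the `description` also names CVE-2022-42915 and CVE-2022-32221, so a consumer that matches on `cves[].id` never sees the other two. The severity rename leaves this as it was, and the same pattern shows in the later hunks for openEuler-SA-2023-1007, -1124, -1196 and -1346, openEuler-SA-2022-2009, openEuler-SA-2023-1641 and openEuler-SA-2022-1739. In SA-2023-1007 and SA-2022-1739 the advisory is rated High while the single listed CVE is Medium, which suggests the higher-rated CVE is among those dropped. These files look generated, so the fix probably belongs in the converter rather than in the JSON: emit one entry per CVE, e.g. `{ "id": "CVE-2022-42915", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42915", "severity": "<severity from the source advisory>" }`.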
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1007", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1007", "title": "An update for curl is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.(CVE-2022-43552)\r\n\r\nA vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.(CVE-2022-43551)", "cves": [ { "id": "CVE-2022-43551", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43551", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/c/curl/curl-7.79.1-14_openEuler-SA-2023-1124.json b/cusa/c/curl/curl-7.79.1-14_openEuler-SA-2023-1124.json index 1bb2c90..4049247 100644 
--- a/cusa/c/curl/curl-7.79.1-14_openEuler-SA-2023-1124.json +++ b/cusa/c/curl/curl-7.79.1-14_openEuler-SA-2023-1124.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1124", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1124", "title": "An update for curl is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity.(CVE-2023-23915)\r\n\r\nA flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity.(CVE-2023-23914)\r\n\r\ncurl supports \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.(CVE-2023-23916)", "cves": [ { "id": "CVE-2023-23916", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23916", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file 
diff --git a/cusa/c/curl/curl-7.79.1-15_openEuler-SA-2023-1196.json b/cusa/c/curl/curl-7.79.1-15_openEuler-SA-2023-1196.json index 8cd7364..91fc240 100644 --- a/cusa/c/curl/curl-7.79.1-15_openEuler-SA-2023-1196.json +++ b/cusa/c/curl/curl-7.79.1-15_openEuler-SA-2023-1196.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1196", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1196", "title": "An update for curl is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nlibcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The settings in questions are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.(CVE-2023-27535)\r\n\r\nlibcurl would reuse a previously created connection even when an SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, two SSH settings were left out from the configuration match checks, making them match too easily.(CVE-2023-27538)\r\n\r\nlibcurl would reuse a previously created connection even when the GSS delegation (`CURLOPT_GSSAPI_DELEGATION`) option had been changed that could have changed the user's permissions in a second transfer. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, this GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.(CVE-2023-27536)\r\n\r\ncurl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and \"telnet options\" for the server\nnegotiation. 
Due to lack of proper input scrubbing and without it being the documented functionality, curl would pass on user name and telnet options to the server as provided. This could allow users to pass in carefully crafted content that pass on content or do option negotiation without the application intending to do so. In particular if an application for example allows users to provide the data or parts of the data.(CVE-2023-27533)\r\n\r\ncurl supports SFTP transfers. curl's SFTP implementation offers a special feature in the path component of URLs: a tilde (`~`) character as the first\npath element in the path to denotes a path relative to the user's home directory. This is supported because of wording in the [once proposed\nto-become RFC draft](https://datatracker.ietf.org/doc/html/draft-ietf-secsh-scp-sftp-ssh-uri-04) that was to dictate how SFTP URLs work. Due to a bug, the handling of the tilde in SFTP path did however not only replace it when it is used stand-alone as the first path element but also wrongly when used as a mere prefix in the first element. Using a path like `/~2/foo` when accessing a server using the user `dan` (with home directory `/home/dan`) would then quite suprisingly access the file `/home/dan2/foo`. This can be taken advantage of to circumvent filtering or worse.(CVE-2023-27534)", "cves": [ { "id": "CVE-2023-27534", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27534", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/c/curl/curl-7.79.1-17_openEuler-SA-2023-1346.json b/cusa/c/curl/curl-7.79.1-17_openEuler-SA-2023-1346.json index b6c14f2..7ba5fd3 100644 --- a/cusa/c/curl/curl-7.79.1-17_openEuler-SA-2023-1346.json +++ b/cusa/c/curl/curl-7.79.1-17_openEuler-SA-2023-1346.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1346", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1346", "title": "An update for curl is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Moderate", + "severity": "Medium", "description": "cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.\r\n\r\nSecurity Fix(es):\r\n\r\nAn information disclosure vulnerability exists in curl 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.(CVE-2021-25215)\r\n\r\nIn BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.(CVE-2021-25214)\r\n\r\nIn BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. 
The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.(CVE-2021-25219)\r\n\r\nBIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.(CVE-2021-25220)", "cves": [ { "id": "CVE-2021-25220", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25220", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/d/dhcp/dhcp-4.4.2-15_openEuler-SA-2022-2009.json b/cusa/d/dhcp/dhcp-4.4.2-15_openEuler-SA-2022-2009.json index ec9c219..f3e74ce 100644 --- a/cusa/d/dhcp/dhcp-4.4.2-15_openEuler-SA-2022-2009.json +++ b/cusa/d/dhcp/dhcp-4.4.2-15_openEuler-SA-2022-2009.json 
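Review bot: This record is filed under curl (file path and `title`), but its `description` describes BIND 9 and `named`, and the one listed CVE, CVE-2021-25220, is described there as a BIND cache-poisoning issue. A consumer that matches on component name would attribute these CVEs to curl and could miss them for BIND. The text may be copied from the upstream bulletin unchanged, so it is worth checking the source CVRF for openEuler-SA-2023-1346 and flagging the record for manual review if the mismatch is upstream.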
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2009", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2009", "title": "An update for dhcp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks.\r\n\r\nSecurity Fix(es):\r\n\r\nIn ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.(CVE-2022-2928)\r\n\r\nIn ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.(CVE-2022-2929)", "cves": [ { "id": "CVE-2022-2929", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2929", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/d/djvulibre/djvulibre-3.5.27-19_openEuler-SA-2023-1641.json b/cusa/d/djvulibre/djvulibre-3.5.27-19_openEuler-SA-2023-1641.json index 0020ed2..ee59aed 100644 --- a/cusa/d/djvulibre/djvulibre-3.5.27-19_openEuler-SA-2023-1641.json +++ b/cusa/d/djvulibre/djvulibre-3.5.27-19_openEuler-SA-2023-1641.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1641", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1641", "title": "An update for djvulibre is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "DjVu is a set of compression technologies, a file format, and a software platform for the deliveryover the Web of digital documents, scanned documents, and high resolution images.DjVu documents download and display extremely quickly, and look exactly the same on all platforms with no compatibility problems due to fonts, colors, etc. DjVu can be seen as a superior alternative to PDF and PostScript for digital documents, to TIFF (and PDF) for scanned bitonal documents, to JPEG and JPEG2000 for photographs and pictures, and to GIF for large palettized images. DjVu is the only Web format that is practical for distributing high-resolution scanned documents in color.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.(CVE-2021-46310)\r\n\r\nAn issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.(CVE-2021-46312)", "cves": [ { "id": "CVE-2021-46312", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46312", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/d/dmidecode/dmidecode-3.3-6_openEuler-SA-2023-1264.json b/cusa/d/dmidecode/dmidecode-3.3-6_openEuler-SA-2023-1264.json index 4313803..fa2fc97 100644 --- a/cusa/d/dmidecode/dmidecode-3.3-6_openEuler-SA-2023-1264.json +++ b/cusa/d/dmidecode/dmidecode-3.3-6_openEuler-SA-2023-1264.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1264", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1264", "title": "An update for dmidecode is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Moderate", + "severity": "Medium", "description": "Dmidecode reports information about your system's hardware as described in your system BIOS according to the SMBIOS/DMI standard (see a sample output). This information typically includes system manufacturer, model name, serial number, BIOS version, asset tag as well as a lot of other details of varying level of interest and reliability depending on the manufacturer. This will often include usage status for the CPU sockets, expansion slots (e.g. AGP, PCI, ISA) and memory module slots, and the list of I/O ports (e.g. serial, parallel, USB).DMI data can be used to enable or disable specific portions of kernel code depending on the specific hardware. Thus, one use of dmidecode is for kernel developers to detect system \"signatures\" and add them to the kernel source code when needed.\r\n\r\nSecurity Fix(es):\r\n\r\nDmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible.(CVE-2023-30630)", "cves": [ { "id": "CVE-2023-30630", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30630", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/d/dnsjava/config.json b/cusa/d/dnsjava/config.json new file mode 100644 index 0000000..f9a5d9b --- /dev/null +++ b/cusa/d/dnsjava/config.json @@ -0,0 +1,5 @@ +{ + "upstream": "22.03-LTS", + "autobuild": true, + "fixed_version": "" +} \ No newline at end of file diff --git a/cusa/d/dnsmasq/dnsmasq-2.86-2_openEuler-SA-2022-1761.json b/cusa/d/dnsmasq/dnsmasq-2.86-2_openEuler-SA-2022-1761.json index 3da92ca..1c2ad7c 100644 
--- a/cusa/d/dnsmasq/dnsmasq-2.86-2_openEuler-SA-2022-1761.json +++ b/cusa/d/dnsmasq/dnsmasq-2.86-2_openEuler-SA-2022-1761.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1761", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1761", "title": "An update for dnsmasq is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks.\r\n\r\nSecurity Fix(es):\r\n\r\nNo description is available for this CVE.(CVE-2022-0934)", "cves": [ { "id": "CVE-2022-0934", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/d/docker/docker-engine-18.09.0-301_openEuler-SA-2022-1726.json b/cusa/d/docker/docker-engine-18.09.0-301_openEuler-SA-2022-1726.json index 7fb6c4f..ea39f79 100644 --- a/cusa/d/docker/docker-engine-18.09.0-301_openEuler-SA-2022-1726.json +++ b/cusa/d/docker/docker-engine-18.09.0-301_openEuler-SA-2022-1726.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1726", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1726", "title": "An update for docker is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Docker is an open source project to build, ship and run any application as a lightweight container.\r\n\r\nSecurity Fix(es):\r\n\r\nMoby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. 
As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.(CVE-2022-24769)", "cves": [ { "id": "CVE-2022-24769", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24769", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/d/docker/docker-engine-18.09.0-306_openEuler-SA-2022-1739.json b/cusa/d/docker/docker-engine-18.09.0-306_openEuler-SA-2022-1739.json index d558f5c..e70d785 100644 --- a/cusa/d/docker/docker-engine-18.09.0-306_openEuler-SA-2022-1739.json +++ b/cusa/d/docker/docker-engine-18.09.0-306_openEuler-SA-2022-1739.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1739", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1739", "title": "An update for docker is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Docker is an open source project to build, ship and run any application as a lightweight container.\r\n\r\nSecurity Fix(es):\r\n\r\nMoby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.(CVE-2021-41091)\r\n\r\nMoby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. 
This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.(CVE-2021-41089)\r\n\r\nDocker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.(CVE-2021-41092)", "cves": [ { "id": "CVE-2021-41092", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41092", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/d/docker/docker-engine-18.09.0-310_openEuler-SA-2022-1936.json b/cusa/d/docker/docker-engine-18.09.0-310_openEuler-SA-2022-1936.json index 0957d55..2da0b3c 100644 --- a/cusa/d/docker/docker-engine-18.09.0-310_openEuler-SA-2022-1936.json +++ b/cusa/d/docker/docker-engine-18.09.0-310_openEuler-SA-2022-1936.json 
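Review bot: The `cves` array in openEuler-SA-2022-1739 holds only CVE-2021-41092, although the `description` also names CVE-2021-41091 and CVE-2021-41089, and the advisory-level `severity` is now `High` while the single listed CVE is `Medium`. A consumer that matches on `cves[].id` would not associate this update with the other two CVEs, and nothing in the record explains the `High` rating. The same pattern appears in openEuler-SA-2023-1238 (CVE-2023-28842 and CVE-2023-28841 absent) and openEuler-SA-2022-1713 (CVE-2022-0669 absent). The converter is not part of this diff, so whether the CVRF input carries these entries is unconfirmed, but if it does, each should be emitted as its own element, e.g. `{ "id": "CVE-2021-41091", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41091", "severity": "<severity from the CVRF record>" }`.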
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1936", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1936", "title": "An update for docker is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Docker is an open source project to build, ship and run any application as a lightweight container.\r\n\r\nSecurity Fix(es):\r\n\r\nMoby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `\"USER $USERNAME\"` Dockerfile instruction. Instead by calling `ENTRYPOINT [\"su\", \"-\", \"user\"]` the supplementary groups will be set up properly.(CVE-2022-36109)", "cves": [ { "id": "CVE-2022-36109", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36109", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/d/docker/docker-engine-18.09.0-323_openEuler-SA-2023-1238.json b/cusa/d/docker/docker-engine-18.09.0-323_openEuler-SA-2023-1238.json index 89a22fe..f3b71d9 100644 --- a/cusa/d/docker/docker-engine-18.09.0-323_openEuler-SA-2023-1238.json +++ b/cusa/d/docker/docker-engine-18.09.0-323_openEuler-SA-2023-1238.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1238", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1238", "title": "An update for docker is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "Docker is an open source project to build, ship and run any application as a lightweight container.\r\n\r\nSecurity Fix(es):\r\n\r\nMoby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. 
By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. The `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate. Encrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and GHSA-vwm3-crmr-xfxw should be referenced for a deeper exploration. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features. 
The Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network. If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec.(CVE-2023-28842)\r\n\r\nMoby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. 
When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. An iptables rule designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation. Encrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees. It is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may use Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability this is no longer guaranteed. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary in order to prevent unintentionally leaking unencrypted traffic over the Internet, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.(CVE-2023-28841)\r\n\r\nMoby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. 
The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. 
The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.(CVE-2023-28840)", "cves": [ { "id": "CVE-2023-28840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28840", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/d/docker/docker-engine-18.09.0-333_openEuler-SA-2024-1302.json b/cusa/d/docker/docker-engine-18.09.0-333_openEuler-SA-2024-1302.json index 24a500f..dc66b74 100644 --- a/cusa/d/docker/docker-engine-18.09.0-333_openEuler-SA-2024-1302.json +++ b/cusa/d/docker/docker-engine-18.09.0-333_openEuler-SA-2024-1302.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1302", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1302", "title": "An update for docker is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "Docker is an open source project to build, ship and run any application as a lightweight container.\r\n\r\nSecurity Fix(es):\r\n\r\nMoby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. Image build API endpoint (/build) and ImageBuild function from github.com/docker/docker/client is also affected as it the uses classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.(CVE-2024-24557)", "cves": [ { "id": "CVE-2024-24557", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/d/docker/docker-engine-18.09.0-334_openEuler-SA-2024-1465.json b/cusa/d/docker/docker-engine-18.09.0-334_openEuler-SA-2024-1465.json index e3a06af..5f5cd75 100644 --- a/cusa/d/docker/docker-engine-18.09.0-334_openEuler-SA-2024-1465.json +++ b/cusa/d/docker/docker-engine-18.09.0-334_openEuler-SA-2024-1465.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1465", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1465", "title": "An update for docker is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Docker is an open source project to build, ship and run any application as a lightweight container.\r\n\r\nSecurity Fix(es):\r\n\r\nMoby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well.\r\n\r\nWhen containers with networking are created, they are assigned unique network interfaces and IP addresses. The host serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs.\r\n\r\nContainers on an internal network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly.\r\n\r\nIn addition to configuring the Linux kernel's various networking features to enable container networking, `dockerd` directly provides some services to container networks. 
Principal among these is serving as a resolver, enabling service discovery, and resolution of names from an upstream resolver.\r\n\r\nWhen a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver. This request is made from the container's network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself.\r\n\r\nAs a consequence of this design, containers solely attached to an internal network will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved.\r\n\r\nMany systems run a local forwarding DNS resolver. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host's configured resolver, as they cannot reach these addresses on the host loopback device. To bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` detects this scenario and instead forward DNS requests from the host namework namespace. The loopback resolver then forwards the requests to its configured upstream resolvers, as expected.\r\n\r\nBecause `dockerd` forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics entirely, internal networks can unexpectedly forward DNS requests to an external nameserver. 
By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers.\r\n\r\nDocker Desktop is not affected, as Docker Desktop always runs an internal resolver on a RFC 1918 address.\r\n\r\nMoby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container's network namespace.(CVE-2024-29018)", "cves": [ { "id": "CVE-2024-29018", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29018", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/d/docker/docker-engine-18.09.0-335_openEuler-SA-2024-1591.json b/cusa/d/docker/docker-engine-18.09.0-335_openEuler-SA-2024-1591.json index a606861..1b8e635 100644 --- a/cusa/d/docker/docker-engine-18.09.0-335_openEuler-SA-2024-1591.json +++ b/cusa/d/docker/docker-engine-18.09.0-335_openEuler-SA-2024-1591.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1591", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1591", "title": "An update for docker is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "Docker is an open source project to build, ship and run any application as a lightweight container.\r\n\r\nSecurity Fix(es):\r\n\r\nMoby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`. An container with an `ipvlan` or `macvlan` interface will normally be configured to share an external network link with the host machine. Because of this direct access, (1) Containers may be able to communicate with other hosts on the local network over link-local IPv6 addresses, (2) if router advertisements are being broadcast over the local network, containers may get SLAAC-assigned addresses, and (3) the interface will be a member of IPv6 multicast groups. This means interfaces in IPv4-only networks present an unexpectedly and unnecessarily increased attack surface. The issue is patched in 26.0.2. To completely disable IPv6 in a container, use `--sysctl=net.ipv6.conf.all.disable_ipv6=1` in the `docker create` or `docker run` command. Or, in the service configuration of a `compose` file.(CVE-2024-32473)", "cves": [ { "id": "CVE-2024-32473", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32473", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/d/dovecot/dovecot-2.3.15-5_openEuler-SA-2022-1994.json b/cusa/d/dovecot/dovecot-2.3.15-5_openEuler-SA-2022-1994.json index 50b0689..b9aee02 100644 
--- a/cusa/d/dovecot/dovecot-2.3.15-5_openEuler-SA-2022-1994.json +++ b/cusa/d/dovecot/dovecot-2.3.15-5_openEuler-SA-2022-1994.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1994", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1994", "title": "An update for dovecot is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Dovecot is an IMAP server for Linux/UNIX-like systemsa wrapper package that will just handle common things for all versioned dovecot packages.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.(CVE-2022-30550)", "cves": [ { "id": "CVE-2022-30550", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30550", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/d/dpdk/dpdk-21.11-11_openEuler-SA-2022-1713.json b/cusa/d/dpdk/dpdk-21.11-11_openEuler-SA-2022-1713.json index 180154b..adce1e5 100644 --- a/cusa/d/dpdk/dpdk-21.11-11_openEuler-SA-2022-1713.json +++ b/cusa/d/dpdk/dpdk-21.11-11_openEuler-SA-2022-1713.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1713", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1713", "title": "An update for dpdk is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "DPDK core includes kernel modules, core libraries and tools. testpmd application allows to test fast packet processing environments on arm64 platforms. For instance, it can be used to check that environment can support fast path applications such as 6WINDGate, pktgen, rumptcpip, etc. More libraries are available as extensions in other packages.\r\n\r\nSecurity Fix(es):\r\n\r\nIt’s an issue in the handling of vhost-user inflight type messages. A malicious vhost-user master can attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master could exhaust available fd in the vhost-user slave process and lead to a DoS.(CVE-2022-0669)\r\n\r\nIn DPDK Vhost communication, we didn’t test if msg->payload.inflight.num_queues is out of bounds in function ‘vhost_user_set_inflight_fd()’, and could cause the program to write OOB.(CVE-2021-3839)", "cves": [ { "id": "CVE-2021-3839", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3839", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/d/dpdk/dpdk-21.11-16_openEuler-SA-2022-1911.json b/cusa/d/dpdk/dpdk-21.11-16_openEuler-SA-2022-1911.json index eb1a60b..2a60f71 100644 --- a/cusa/d/dpdk/dpdk-21.11-16_openEuler-SA-2022-1911.json +++ b/cusa/d/dpdk/dpdk-21.11-16_openEuler-SA-2022-1911.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1911", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1911", "title": "An update for dpdk is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "DPDK core includes kernel modules, core libraries and tools.testpmd application allows to test fast packet processing environments on arm64 platforms. For instance, it can be used to check that environment can support fast path applications such as 6WINDGate, pktgen, rumptcpip, etc. More libraries are available as extensions in other packages.\r\n\r\nSecurity Fix(es):\r\n\r\nA permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.(CVE-2022-2132)", "cves": [ { "id": "CVE-2022-2132", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2132", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/d/dpdk/dpdk-21.11-17_openEuler-SA-2022-1965.json b/cusa/d/dpdk/dpdk-21.11-17_openEuler-SA-2022-1965.json index 3d8342f..14f0dee 100644 --- a/cusa/d/dpdk/dpdk-21.11-17_openEuler-SA-2022-1965.json +++ b/cusa/d/dpdk/dpdk-21.11-17_openEuler-SA-2022-1965.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1965", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1965", "title": "An update for dpdk is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "DPDK core includes kernel modules, core libraries and tools.testpmd application allows to test fast packet processing environments on arm64 platforms. For instance, it can be used to check that environment can support fast path applications such as 6WINDGate, pktgen, rumptcpip, etc. More libraries are available as extensions in other packages.\r\n\r\nSecurity Fix(es):\r\n\r\nNVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.(CVE-2022-28199)", "cves": [ { "id": "CVE-2022-28199", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28199", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/d/dpkg/dpkg-1.18.25-11_openEuler-SA-2022-1703.json b/cusa/d/dpkg/dpkg-1.18.25-11_openEuler-SA-2022-1703.json index a93deca..0ca6c9b 100644 --- a/cusa/d/dpkg/dpkg-1.18.25-11_openEuler-SA-2022-1703.json +++ b/cusa/d/dpkg/dpkg-1.18.25-11_openEuler-SA-2022-1703.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1703", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1703", "title": "An update for dpkg is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Dpkg is a tool to install, build, remove and manageDebian packages. The primary and more user-friendly front-end for dpkg is aptitude.\r\n\r\nSecurity Fix(es):\r\n\r\nDpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.(CVE-2022-1664)", "cves": [ { "id": "CVE-2022-1664", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1664", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/d/runc/docker-runc-1.0.0.rc3-301_openEuler-SA-2022-1704.json b/cusa/d/runc/docker-runc-1.0.0.rc3-301_openEuler-SA-2022-1704.json index 995a160..ceca263 100644 --- a/cusa/d/runc/docker-runc-1.0.0.rc3-301_openEuler-SA-2022-1704.json +++ b/cusa/d/runc/docker-runc-1.0.0.rc3-301_openEuler-SA-2022-1704.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1704", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1704", "title": "An update for runc is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "runc is a CLI tool for spawning and running containers according to the OCI specification.\r\n\r\nSecurity Fix(es):\r\n\r\nrunc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.(CVE-2022-29162)", "cves": [ { "id": "CVE-2022-29162", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29162", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/d/runc/docker-runc-1.0.0.rc3-310_openEuler-SA-2023-1383.json b/cusa/d/runc/docker-runc-1.0.0.rc3-310_openEuler-SA-2023-1383.json index 2acf832..3a66bb0 100644 --- a/cusa/d/runc/docker-runc-1.0.0.rc3-310_openEuler-SA-2023-1383.json +++ b/cusa/d/runc/docker-runc-1.0.0.rc3-310_openEuler-SA-2023-1383.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1383", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1383", "title": "An update for runc is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "runc is a CLI tool for spawning and running containers according to the OCI specification.\r\n\r\nSecurity Fix(es):\r\n\r\nrunc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.(CVE-2023-28642)", "cves": [ { "id": "CVE-2023-28642", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28642", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/d/runc/docker-runc-1.0.0.rc3-321_openEuler-SA-2024-1182.json b/cusa/d/runc/docker-runc-1.0.0.rc3-321_openEuler-SA-2024-1182.json index 66c6393..a9a5b51 100644 --- a/cusa/d/runc/docker-runc-1.0.0.rc3-321_openEuler-SA-2024-1182.json +++ b/cusa/d/runc/docker-runc-1.0.0.rc3-321_openEuler-SA-2024-1182.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1182", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1182", "title": "An update for runc is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "runc is a CLI tool for spawning and running containers according to the OCI specification.\r\n\r\nSecurity Fix(es):\r\n\r\nrunc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (\"attack 2\"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (\"attack 1\"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (\"attack 3a\" and \"attack 3b\"). runc 1.1.12 includes patches for this issue.(CVE-2024-21626)", "cves": [ { "id": "CVE-2024-21626", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21626", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/e/e2fsprogs/e2fsprogs-1.46.4-10_openEuler-SA-2022-1719.json b/cusa/e/e2fsprogs/e2fsprogs-1.46.4-10_openEuler-SA-2022-1719.json index 034be3a..db51e66 100644 --- a/cusa/e/e2fsprogs/e2fsprogs-1.46.4-10_openEuler-SA-2022-1719.json +++ b/cusa/e/e2fsprogs/e2fsprogs-1.46.4-10_openEuler-SA-2022-1719.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1719", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1719", "title": "An update for e2fsprogs is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "The e2fsprogs package consists of a lot of tools for users to create, check, modify, and correct any inconsistencies in second extended file system.\r\n\r\nSecurity Fix(es):\r\n\r\nAn out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.(CVE-2022-1304)", "cves": [ { "id": "CVE-2022-1304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1304", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/e/eclipse/eclipse-4.11-5_openEuler-SA-2022-1759.json b/cusa/e/eclipse/eclipse-4.11-5_openEuler-SA-2022-1759.json index de23913..ea0ec4c 100644 --- a/cusa/e/eclipse/eclipse-4.11-5_openEuler-SA-2022-1759.json +++ b/cusa/e/eclipse/eclipse-4.11-5_openEuler-SA-2022-1759.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1759", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1759", "title": "An update for eclipse is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "The Eclipse platform is designed for building integrated development environments (IDEs), server-side applications, desktop applications, and everything in between.\r\n\r\nSecurity Fix(es):\r\n\r\nIn versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.(CVE-2020-27225)", "cves": [ { "id": "CVE-2020-27225", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27225", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/e/edk2/edk2-202011-11_openEuler-SA-2023-1135.json b/cusa/e/edk2/edk2-202011-11_openEuler-SA-2023-1135.json index 90c3630..2e12a5c 100644 --- a/cusa/e/edk2/edk2-202011-11_openEuler-SA-2023-1135.json +++ b/cusa/e/edk2/edk2-202011-11_openEuler-SA-2023-1135.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1135", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1135", "title": "An update for edk2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. \r\n\r\nSecurity Fix(es):\r\n\r\nThe public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. 
The OpenSSL cms and smime command line applications are similarly affected.(CVE-2023-0215)\r\n\r\nThere is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286)\r\n\r\nA NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. 
The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data.(CVE-2023-0401)\r\n\r\nThe function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.(CVE-2022-4450)", "cves": [ { "id": "CVE-2022-4450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file 
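Review bot: The `cves` array in the openEuler-SA-2023-1135 record holds only CVE-2022-4450, while its `description` also names CVE-2023-0215, CVE-2023-0286 and CVE-2023-0401, so a consumer that matches on `cves` will miss three of the four fixes. The same single-entry pattern is visible in the hunks for openEuler-SA-2024-1238, openEuler-SA-2024-1280, openEuler-SA-2024-1316 and openEuler-SA-2024-1390, each of which keeps only the last CVE named in its description. In openEuler-SA-2024-1280 this also leaves an advisory-level `"severity": "High"` whose only listed CVE is `"Medium"`, presumably because the higher-rated CVE is among those omitted. Since this commit rewrites the records anyway, the converter should emit one `id`/`url`/`severity` object per CVE in the source advisory; until then, anything reading these files should treat `cves` as incomplete and not derive exposure or severity from it alone.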
diff --git a/cusa/e/edk2/edk2-202011-12_openEuler-SA-2023-1430.json b/cusa/e/edk2/edk2-202011-12_openEuler-SA-2023-1430.json index d2c2d6d..edc1fee 100644 --- a/cusa/e/edk2/edk2-202011-12_openEuler-SA-2023-1430.json +++ b/cusa/e/edk2/edk2-202011-12_openEuler-SA-2023-1430.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1430", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1430", "title": "An update for edk2 is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. \n\nSecurity Fix(es):\n\nA timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.(CVE-2022-4304)", "cves": [ { "id": "CVE-2022-4304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/e/edk2/edk2-202011-14_openEuler-SA-2024-1238.json b/cusa/e/edk2/edk2-202011-14_openEuler-SA-2024-1238.json index c65aa00..5759d43 100644 
--- a/cusa/e/edk2/edk2-202011-14_openEuler-SA-2024-1238.json +++ b/cusa/e/edk2/edk2-202011-14_openEuler-SA-2024-1238.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1238", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1238", "title": "An update for edk2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.\r\n\r\nSecurity Fix(es):\r\n\r\nA security vulnerability has been identified in all supported versions\r\n\r\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0464)\r\n\r\nApplications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\r\n\r\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0465)\r\n\r\nThe function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing 
certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\r\n\r\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\r\n\r\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\r\n\r\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.(CVE-2023-0466)\r\n\r\nIssue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\r\n\r\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\r\n\r\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\r\n\r\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. 
The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\r\n\r\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\r\n\r\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\r\n\r\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\r\n\r\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\r\n\r\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\r\n\r\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.(CVE-2023-2650)\r\n\r\nIssue summary: Checking excessively long DH keys or parameters may be very slow.\r\n\r\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. 
Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\r\n\r\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\r\n\r\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\r\n\r\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\r\n\r\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\r\n\r\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\r\n\r\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.(CVE-2023-3446)\r\n\r\nIssue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\r\n\r\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\r\n\r\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. 
If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\r\n\r\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\r\n\r\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\r\n\r\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.(CVE-2024-0727)", "cves": [ { "id": "CVE-2024-0727", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1280.json b/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1280.json index 064c684..72ca38d 100644 --- a/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1280.json +++ b/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1280.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1280", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1280", "title": "An update for edk2 is now available for openEuler-20.03-LTS-SP1,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.\r\n\r\nSecurity Fix(es):\r\n\r\nEDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.(CVE-2023-45229)\r\n\r\nEDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing  Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.(CVE-2023-45231)\r\n\r\n EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\r\n\r\n(CVE-2023-45234)", "cves": [ { "id": "CVE-2023-45234", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45234", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1316.json b/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1316.json index 50f3b29..284410c 100644 --- a/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1316.json +++ b/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1316.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1316", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1316", "title": "An update for edk2 is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.\r\n\r\nSecurity Fix(es):\r\n\r\n\nEDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.\r\n\r\n(CVE-2022-36764)\r\n\r\n EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\r\n\r\n(CVE-2023-45230)\r\n\r\n EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.\r\n\r\n(CVE-2023-45232)\r\n\r\n EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Availability.\r\n\r\n(CVE-2023-45233)\r\n\r\n EDK2's Network Package is susceptible to a buffer overflow vulnerability when\r\n\r\n\r\n\r\n\r\n\r\nhandling Server ID option \r\n\r\n\r\n\r\n from a DHCPv6 proxy Advertise message. 
This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality, Integrity and/or Availability.\r\n\r\n(CVE-2023-45235)", "cves": [ { "id": "CVE-2023-45235", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45235", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1350.json b/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1350.json index c18b025..1653d14 100644 --- a/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1350.json +++ b/cusa/e/edk2/edk2-202011-16_openEuler-SA-2024-1350.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1350", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1350", "title": "An update for edk2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.\r\n\r\nSecurity Fix(es):\r\n\r\n\nEDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.\r\n\r\n(CVE-2022-36765)", "cves": [ { "id": "CVE-2022-36765", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36765", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/e/edk2/edk2-202011-17_openEuler-SA-2024-1513.json b/cusa/e/edk2/edk2-202011-17_openEuler-SA-2024-1513.json index 31430ca..dd2830b 100644 --- a/cusa/e/edk2/edk2-202011-17_openEuler-SA-2024-1513.json +++ b/cusa/e/edk2/edk2-202011-17_openEuler-SA-2024-1513.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1513", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1513", "title": "An update for edk2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Moderate", + "severity": "Medium", "description": "EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications.\r\n\r\nSecurity Fix(es):\r\n\r\nIssue summary: Some non-default TLS server configurations can cause unbounded\nmemory growth when processing TLSv1.3 sessions\r\n\r\nImpact summary: An attacker may exploit certain server configurations to trigger\nunbounded memory growth that would lead to a Denial of Service\r\n\r\nThis problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is\nbeing used (but not if early_data support is also configured and the default\nanti-replay protection is in use). In this case, under certain conditions, the\nsession cache can get into an incorrect state and it will fail to flush properly\nas it fills. The session cache will continue to grow in an unbounded manner. A\nmalicious client could deliberately create the scenario for this failure to\nforce a Denial of Service. It may also happen by accident in normal operation.\r\n\r\nThis issue only affects TLS servers supporting TLSv1.3. It does not affect TLS\nclients.\r\n\r\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL\n1.0.2 is also not affected by this issue.(CVE-2024-2511)", "cves": [ { "id": "CVE-2024-2511", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/e/edk2/edk2-202011-6_openEuler-SA-2022-1988.json b/cusa/e/edk2/edk2-202011-6_openEuler-SA-2022-1988.json index 6f48e21..ae065c1 100644 
--- a/cusa/e/edk2/edk2-202011-6_openEuler-SA-2022-1988.json +++ b/cusa/e/edk2/edk2-202011-6_openEuler-SA-2022-1988.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1988", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1988", "title": "An update for edk2 is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "\r\n\r\nSecurity Fix(es):\r\n\r\nInsufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.(CVE-2019-11098)", "cves": [ { "id": "CVE-2019-11098", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11098", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/e/emacs/emacs-27.2-13_openEuler-SA-2024-1390.json b/cusa/e/emacs/emacs-27.2-13_openEuler-SA-2024-1390.json index bde6e13..6c15e5a 100644 --- a/cusa/e/emacs/emacs-27.2-13_openEuler-SA-2024-1390.json +++ b/cusa/e/emacs/emacs-27.2-13_openEuler-SA-2024-1390.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1390", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1390", "title": "An update for emacs is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Moderate", + "severity": "Medium", "description": "Emacs is the extensible, customizable, self-documenting real-time display editor. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing, including a project planner, mail and news reader, debugger interface, calendar, and more.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.(CVE-2024-30204)\r\n\r\nIn Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.(CVE-2024-30205)", "cves": [ { "id": "CVE-2024-30205", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30205", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/e/emacs/emacs-27.2-8_openEuler-SA-2022-2131.json b/cusa/e/emacs/emacs-27.2-8_openEuler-SA-2022-2131.json index 1b2f74f..c084311 100644 --- a/cusa/e/emacs/emacs-27.2-8_openEuler-SA-2022-2131.json +++ b/cusa/e/emacs/emacs-27.2-8_openEuler-SA-2022-2131.json 
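Review bot: The `cves` array of openEuler-SA-2024-1390 lists only CVE-2024-30205, although the description in the same hunk also names CVE-2024-30204, so a consumer that matches on `cves[].id` will not see the second issue. The array should carry one entry per CVE named in the advisory, for example an added `{ "id": "CVE-2024-30204", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30204", "severity": "<value from the source CVRF>" }`. The same gap shows in the hunks for openEuler-SA-2023-1148, openEuler-SA-2022-1627, openEuler-SA-2024-1021, openEuler-SA-2022-2044, openEuler-SA-2024-1379 and openEuler-SA-2022-1808. In openEuler-SA-2022-1627, openEuler-SA-2022-2044 and openEuler-SA-2024-1379 the advisory is also rated High while the single listed CVE is Medium, so the entry that justifies the rating is among those missing. These files look like converter output, so the fix presumably belongs in the code that builds `cves`, which appears to keep only the last vulnerability, rather than in the JSON itself.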
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2131", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2131", "title": "An update for emacs is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Emacs is the extensible, customizable, self-documenting real-time display editor.At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing, including a project planner, mail and news reader, debugger interface, calendar, and more.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the \"ctags *\" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input.(CVE-2022-45939)", "cves": [ { "id": "CVE-2022-45939", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45939", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/e/emacs/emacs-27.2-9_openEuler-SA-2023-1148.json b/cusa/e/emacs/emacs-27.2-9_openEuler-SA-2023-1148.json index 5198446..1e07697 100644 --- a/cusa/e/emacs/emacs-27.2-9_openEuler-SA-2023-1148.json +++ b/cusa/e/emacs/emacs-27.2-9_openEuler-SA-2023-1148.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1148", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1148", "title": "An update for emacs is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "Emacs is the extensible, customizable, self-documenting real-time display editor.At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing,including a project planner, mail and news reader, debugger interface, calendar, and more.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.(CVE-2022-48339)\r\n\r\nAn issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.(CVE-2022-48338)\r\n\r\nGNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. 
For example, a victim may use the \"etags -u *\" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.(CVE-2022-48337)", "cves": [ { "id": "CVE-2022-48337", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48337", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/e/epiphany/epiphany-40.6-1_openEuler-SA-2022-1627.json b/cusa/e/epiphany/epiphany-40.6-1_openEuler-SA-2022-1627.json index b70492d..af311cf 100644 --- a/cusa/e/epiphany/epiphany-40.6-1_openEuler-SA-2022-1627.json +++ b/cusa/e/epiphany/epiphany-40.6-1_openEuler-SA-2022-1627.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1627", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1627", "title": "An update for epiphany is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Epiphany is the web browser for the GNOME desktop. Its goal is to be simple and easy to use. Epiphany ties together many GNOME components in order to let you focus on the Web content, instead of the browser application.\r\n\r\nSecurity Fix(es):\r\n\r\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.(CVE-2021-45085)\n\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server s suggested_filename is used as the pdf_name value in PDF.js.(CVE-2021-45086)\n\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.(CVE-2021-45087)\n\nXSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.(CVE-2021-45088)\n\nIn GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.(CVE-2022-29536)", "cves": [ { "id": "CVE-2022-29536", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29536", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/e/epiphany/epiphany-40.6-3_openEuler-SA-2023-1139.json b/cusa/e/epiphany/epiphany-40.6-3_openEuler-SA-2023-1139.json index 6bc4e91..a9aea72 100644 --- a/cusa/e/epiphany/epiphany-40.6-3_openEuler-SA-2023-1139.json 
+++ b/cusa/e/epiphany/epiphany-40.6-3_openEuler-SA-2023-1139.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1139", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1139", "title": "An update for epiphany is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Epiphany is the web browser for the GNOME desktop. Its goal is to be simple and easy to use. Epiphany ties together many GNOME components in order to let you focus on the Web content, instead of the browser application.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.(CVE-2023-26081)", "cves": [ { "id": "CVE-2023-26081", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26081", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/e/erlang/erlang-23.3.4.9-4_openEuler-SA-2024-1122.json b/cusa/e/erlang/erlang-23.3.4.9-4_openEuler-SA-2024-1122.json index 390c07e..3d6a4f7 100644 --- a/cusa/e/erlang/erlang-23.3.4.9-4_openEuler-SA-2024-1122.json +++ b/cusa/e/erlang/erlang-23.3.4.9-4_openEuler-SA-2024-1122.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1122", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1122", "title": "An update for erlang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Moderate", + "severity": "Medium", "description": "Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson.\r\n\r\nSecurity Fix(es):\r\n\r\nThe SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. 
This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.(CVE-2023-48795)", "cves": [ { "id": "CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/e/espeak-ng/espeak-ng-1.51-2_openEuler-SA-2024-1021.json b/cusa/e/espeak-ng/espeak-ng-1.51-2_openEuler-SA-2024-1021.json index 8ae2fa2..517e8a3 100644 --- a/cusa/e/espeak-ng/espeak-ng-1.51-2_openEuler-SA-2024-1021.json +++ b/cusa/e/espeak-ng/espeak-ng-1.51-2_openEuler-SA-2024-1021.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1021", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1021", "title": "An update for espeak-ng is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "The eSpeak NG is a compact open source software text-to-speech synthesizer for Linux, Windows, Android and other operating systems. It supports 70 languages and accents. It is based on the eSpeak engine created by Jonathan Duddington.\r\n\r\nSecurity Fix(es):\r\n\r\nEspeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.(CVE-2023-49990)\r\n\r\nEspeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.(CVE-2023-49991)\r\n\r\nEspeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.(CVE-2023-49992)\r\n\r\nEspeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.(CVE-2023-49993)\r\n\r\nEspeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.(CVE-2023-49994)", "cves": [ { "id": "CVE-2023-49994", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49994", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/e/exiv2/exiv2-0.27.5-2_openEuler-SA-2022-2044.json b/cusa/e/exiv2/exiv2-0.27.5-2_openEuler-SA-2022-2044.json index 9b9ec5c..0b1ebab 100644 --- a/cusa/e/exiv2/exiv2-0.27.5-2_openEuler-SA-2022-2044.json +++ b/cusa/e/exiv2/exiv2-0.27.5-2_openEuler-SA-2022-2044.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2044", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2044", "title": "An update for exiv2 is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats.\r\n\r\nSecurity Fix(es):\r\n\r\nAn integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.(CVE-2019-13108)\r\n\r\nThere is an out-of-bounds read in Exiv2::MrwImage::readMetadata in mrwimage.cpp in Exiv2 through 0.27.2.(CVE-2019-13504)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.(CVE-2021-37616)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A null pointer dereference was found in Exiv2 versions v0.27.4 and earlier. The null pointer dereference is triggered when Exiv2 is used to print the metadata of a crafted image file. 
An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.(CVE-2021-37615)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when modifying the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `fi`. ### Patches The bug is fixed in version v0.27.5. ### References Regression test and bug fix: #1739 ### For more information Please see our [security policy](https://github.com/Exiv2/exiv2/security/policy) for information about Exiv2 security.(CVE-2021-32815)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). 
The bug is fixed in version v0.27.5.(CVE-2021-37623)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when deleting the IPTC data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-d I rm`). The bug is fixed in version v0.27.5.(CVE-2021-37622)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.(CVE-2021-34334)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.5.(CVE-2021-37620)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinite loop is triggered when Exiv2 is used to print the metadata of a crafted image file. 
An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.(CVE-2021-37621)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A floating point exception (FPE) due to an integer divide by zero was found in Exiv2 versions v0.27.4 and earlier. The FPE is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the interpreted (translated) data, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p t` or `-P t`). The bug is fixed in version v0.27.5.(CVE-2021-34335)\r\n\r\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to print the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when printing the image ICC profile, which is a less frequently used Exiv2 operation that requires an extra command line option (`-p C`). The bug is fixed in version v0.27.5.(CVE-2021-37618)\r\n\r\nA flaw was found in exiv2. 
A integer wraparound in the CrwMap:encode0x1810 function leads to memcpy call with a very large size allowing an attacker, who can provide a malicious image, to crash an application which uses the exiv2 library. The highest threat from this vulnerability is to service availability.(CVE-2021-31292)\n\nExiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.4 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.5.(CVE-2021-37619)", "cves": [ { "id": "CVE-2021-37619", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37619", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2046.json b/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2046.json index 93c932e..4734a46 100644 --- a/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2046.json +++ b/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2046.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2046", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2046", "title": "An update for exiv2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496.(CVE-2022-3756)", "cves": [ { "id": "CVE-2022-3756", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3756", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2101.json b/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2101.json index 0718699..8a4c6a0 100644 --- a/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2101.json +++ b/cusa/e/exiv2/exiv2-0.27.5-3_openEuler-SA-2022-2101.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2101", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2101", "title": "An update for exiv2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata.It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495.(CVE-2022-3755)", "cves": [ { "id": "CVE-2022-3755", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3755", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/e/expat/expat-2.4.1-10_openEuler-SA-2024-1379.json b/cusa/e/expat/expat-2.4.1-10_openEuler-SA-2024-1379.json index e2c7d25..ef94466 100644 --- a/cusa/e/expat/expat-2.4.1-10_openEuler-SA-2024-1379.json +++ b/cusa/e/expat/expat-2.4.1-10_openEuler-SA-2024-1379.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1379", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1379", "title": "An update for expat is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial.\r\n\r\nSecurity Fix(es):\r\n\r\nlibexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.(CVE-2023-52426)\r\n\r\nlibexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).(CVE-2024-28757)", "cves": [ { "id": "CVE-2024-28757", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28757", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2037.json b/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2037.json index 9844c04..16d02ba 100644 --- a/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2037.json +++ b/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2037.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2037", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2037", "title": "An update for expat is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial.\n\r\n\r\nSecurity Fix(es):\r\n\r\nIn libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.(CVE-2022-43680)", "cves": [ { "id": "CVE-2022-43680", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2057.json b/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2057.json index c79b315..274d4cf 100644 --- a/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2057.json +++ b/cusa/e/expat/expat-2.4.1-8_openEuler-SA-2022-2057.json @@ -8,7 +8,7 @@ { "id": "CVE-2022-25315", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/fdupes/fdupes-2.3.0-1_openEuler-SA-2024-1532.json b/cusa/f/fdupes/fdupes-2.3.0-1_openEuler-SA-2024-1532.json index 1769afc..d18cefe 100644 --- a/cusa/f/fdupes/fdupes-2.3.0-1_openEuler-SA-2024-1532.json +++ b/cusa/f/fdupes/fdupes-2.3.0-1_openEuler-SA-2024-1532.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1532", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1532", "title": "An update for fdupes is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "FDUPES is a program for identifying duplicate files residing within specified directories.\r\n\r\nSecurity Fix(es):\r\n\r\nIn deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink.(CVE-2022-48682)", "cves": [ { "id": "CVE-2022-48682", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48682", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/f/festival/festival-1.96-45_openEuler-SA-2022-2087.json b/cusa/f/festival/festival-1.96-45_openEuler-SA-2022-2087.json index 3bf276e..5803646 100644 --- a/cusa/f/festival/festival-1.96-45_openEuler-SA-2022-2087.json +++ b/cusa/f/festival/festival-1.96-45_openEuler-SA-2022-2087.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2087", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2087", "title": "An update for festival is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Festival offers a general framework for building speech synthesis systems as well as including examples of various modules. As a whole it offers full text to speech through a number APIs: from shell level, though a Scheme command interpreter, as a C++ library, from Java, and an Emacs interface.\r\n\r\nSecurity Fix(es):\r\n\r\nfestival_server in Centre for Speech Technology Research (CSTR) Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.(CVE-2010-3996)", "cves": [ { "id": "CVE-2010-3996", "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3996", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/ffmpeg/ffmpeg-4.2.4-4_openEuler-SA-2022-1808.json b/cusa/f/ffmpeg/ffmpeg-4.2.4-4_openEuler-SA-2022-1808.json index 1642fd7..c179b7b 100644 --- a/cusa/f/ffmpeg/ffmpeg-4.2.4-4_openEuler-SA-2022-1808.json +++ b/cusa/f/ffmpeg/ffmpeg-4.2.4-4_openEuler-SA-2022-1808.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1808", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1808", "title": "An update for ffmpeg is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "FFmpeg is a complete and free Internet live audio and video broadcasting solution for Linux/Unix. It also includes a digital VCR. It can encode in real time in many formats including MPEG1 audio and video, MPEG4, h263, ac3, asf, avi, real, mjpeg, and flash.\r\n\r\nSecurity Fix(es):\r\n\r\ntrack_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.(CVE-2020-35964)\r\n\r\nlibavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868.(CVE-2021-38114)", "cves": [ { "id": "CVE-2021-38114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38114", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/f/file/file-5.41-3_openEuler-SA-2023-1574.json b/cusa/f/file/file-5.41-3_openEuler-SA-2023-1574.json index 3414224..bc3eedb 100644 --- a/cusa/f/file/file-5.41-3_openEuler-SA-2023-1574.json +++ b/cusa/f/file/file-5.41-3_openEuler-SA-2023-1574.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1574", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1574", "title": "An update for file is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "The program checks to see if the file is empty,or if its some sort of special file.\r\n\r\nSecurity Fix(es):\r\n\r\nFile before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: \"File\" is the name of an Open Source project.(CVE-2022-48554)", "cves": [ { "id": "CVE-2022-48554", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48554", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1673.json b/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1673.json index af55151..c69cca9 100644 --- a/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1673.json +++ b/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1673.json @@ -8,12 +8,12 @@ { "id": "CVE-2020-15673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15673", - "severity": "Important" + "severity": "High" }, { "id": "CVE-2023-4056", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4056", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1684.json b/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1684.json index 5078865..86bda27 100644 --- a/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1684.json +++ b/cusa/f/firefox/firefox-102.14.0-1_openEuler-SA-2023-1684.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1684", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1684", "title": "An update for firefox is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.\r\n\r\nSecurity Fix(es):\r\n\r\nThere exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. \n(CVE-2023-1999)", "cves": [ { "id": "CVE-2023-1999", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1999", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/firefox/firefox-102.15.0-2_openEuler-SA-2023-1715.json b/cusa/f/firefox/firefox-102.15.0-2_openEuler-SA-2023-1715.json index ebe77fc..a27ce99 100644 --- a/cusa/f/firefox/firefox-102.15.0-2_openEuler-SA-2023-1715.json +++ b/cusa/f/firefox/firefox-102.15.0-2_openEuler-SA-2023-1715.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1715", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1715", "title": "An update for firefox is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.(CVE-2023-4573)\r\n\r\nWhen creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.(CVE-2023-4574)\r\n\r\nWhen creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.(CVE-2023-4575)\r\n\r\nExcel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. 
This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.(CVE-2023-4581)\r\n\r\nMemory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.(CVE-2023-4584)\r\n\r\nHeap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)(CVE-2023-4863)", "cves": [ { "id": "CVE-2023-4863", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4863", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/f/firefox/firefox-102.15.0-3_openEuler-SA-2023-1775.json b/cusa/f/firefox/firefox-102.15.0-3_openEuler-SA-2023-1775.json index 1a534b7..adcade7 100644 --- a/cusa/f/firefox/firefox-102.15.0-3_openEuler-SA-2023-1775.json +++ b/cusa/f/firefox/firefox-102.15.0-3_openEuler-SA-2023-1775.json 
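Review bot: The only `cves` entry in this firefox SA-2023-1715 record, CVE-2023-4863, is written as `"severity": "Medium"`, while the advisory itself becomes `"severity": "High"` and the description quotes the upstream rating for that CVE as Critical, so the relabelled values disagree within one record. Triage tooling that filters or sorts on the per-CVE field would rank this libwebp heap overflow below the advisory that carries it. The five other CVEs named in the description are absent from the array, which may be where the advisory-level rating comes from. The per-CVE value should be confirmed against the CVRF source; if that source rates it in line with the advisory, the entry would read `"severity": "High"`. A consistency check in the converter, rejecting a record whose advisory severity exceeds the maximum of its listed CVE severities, would surface cases like this at generation time.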
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1775", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1775", "title": "An update for firefox is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.\r\n\r\nSecurity Fix(es):\r\n\r\nHeap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)(CVE-2023-5217)", "cves": [ { "id": "CVE-2023-5217", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5217", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/firefox/firefox-102.15.0-4_openEuler-SA-2024-1058.json b/cusa/f/firefox/firefox-102.15.0-4_openEuler-SA-2024-1058.json index b13b637..aab52bb 100644 --- a/cusa/f/firefox/firefox-102.15.0-4_openEuler-SA-2024-1058.json +++ b/cusa/f/firefox/firefox-102.15.0-4_openEuler-SA-2024-1058.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1058", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1058", "title": "An update for firefox is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Moderate", + "severity": "Medium", "description": "Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.(CVE-2023-7104)", "cves": [ { "id": "CVE-2023-7104", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-7104", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/f/firefox/firefox-102.15.0-5_openEuler-SA-2024-1211.json b/cusa/f/firefox/firefox-102.15.0-5_openEuler-SA-2024-1211.json index ab58811..d0c7bd6 100644 --- a/cusa/f/firefox/firefox-102.15.0-5_openEuler-SA-2024-1211.json +++ b/cusa/f/firefox/firefox-102.15.0-5_openEuler-SA-2024-1211.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1211", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1211", "title": "An update for firefox is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.(CVE-2022-3479)", "cves": [ { "id": "CVE-2022-3479", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3479", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/firefox/firefox-102.15.0-6_openEuler-SA-2024-1514.json b/cusa/f/firefox/firefox-102.15.0-6_openEuler-SA-2024-1514.json index 05564c1..a5c9c21 100644 --- a/cusa/f/firefox/firefox-102.15.0-6_openEuler-SA-2024-1514.json +++ b/cusa/f/firefox/firefox-102.15.0-6_openEuler-SA-2024-1514.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1514", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1514", "title": "An update for firefox is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.\r\n\r\nSecurity Fix(es):\r\n\r\nVP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.(CVE-2023-44488)", "cves": [ { "id": "CVE-2023-44488", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44488", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/fish/fish-3.3.1-4_openEuler-SA-2022-1689.json b/cusa/f/fish/fish-3.3.1-4_openEuler-SA-2022-1689.json index 0a5caf1..904b078 100644 --- a/cusa/f/fish/fish-3.3.1-4_openEuler-SA-2022-1689.json +++ b/cusa/f/fish/fish-3.3.1-4_openEuler-SA-2022-1689.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1689", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1689", "title": "An update for fish is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "fish is a fully-equipped command line shell (like bash or zsh) that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure.\r\n\r\nSecurity Fix(es):\r\n\r\nfish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.(CVE-2022-20001)", "cves": [ { "id": "CVE-2022-20001", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20001", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/fish/fish-3.3.1-5_openEuler-SA-2023-1940.json b/cusa/f/fish/fish-3.3.1-5_openEuler-SA-2023-1940.json index 5ecc50d..7b8c44f 100644 --- a/cusa/f/fish/fish-3.3.1-5_openEuler-SA-2023-1940.json +++ b/cusa/f/fish/fish-3.3.1-5_openEuler-SA-2023-1940.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1940", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1940", "title": "An update for fish is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "fish is a fully-equipped command line shell (like bash or zsh) that is smart and user-friendly. fish supports powerful features like syntax highlighting, autosuggestions, and tab completions that just work, with nothing to learn or configure.\r\n\r\nSecurity Fix(es):\r\n\r\nfish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than transforming them into a safe internal representation. While this may cause unexpected behavior with direct input (for example, echo \\UFDD2HOME has the same output as echo $HOME), this may become a minor security problem if the output is being fed from an external program into a command substitution where this output may not be expected. This design flaw was introduced in very early versions of fish, predating the version control system, and is thought to be present in every version of fish released in the last 15 years or more, although with different characters. Code execution does not appear to be possible, but denial of service (through large brace expansion) or information disclosure (such as variable expansion) is potentially possible under certain circumstances. fish shell 3.6.2 has been released to correct this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-49284)", "cves": [ { "id": "CVE-2023-49284", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49284", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file 
diff --git a/cusa/f/flac/flac-1.3.3-6_openEuler-SA-2022-1697.json b/cusa/f/flac/flac-1.3.3-6_openEuler-SA-2022-1697.json index 16cf668..b1e3139 100644 --- a/cusa/f/flac/flac-1.3.3-6_openEuler-SA-2022-1697.json +++ b/cusa/f/flac/flac-1.3.3-6_openEuler-SA-2022-1697.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1697", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1697", "title": "An update for flac is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "FLAC stands for Free Lossless Audio Codec, an audio format similar to MP3, but lossless, meaning that audio is compressed in FLAC without any loss in quality.\r\n\r\nSecurity Fix(es):\r\n\r\nIn FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156076070(CVE-2020-0499)", "cves": [ { "id": "CVE-2020-0499", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-0499", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/f/flatpak-builder/flatpak-builder-1.0.14-2_openEuler-SA-2022-1788.json b/cusa/f/flatpak-builder/flatpak-builder-1.0.14-2_openEuler-SA-2022-1788.json index f9526ab..94ce868 100644 --- a/cusa/f/flatpak-builder/flatpak-builder-1.0.14-2_openEuler-SA-2022-1788.json +++ b/cusa/f/flatpak-builder/flatpak-builder-1.0.14-2_openEuler-SA-2022-1788.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1788", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1788", "title": "An update for flatpak-builder is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Flatpak-builder is a tool for building flatpaks from sources.\r\n\r\nSecurity Fix(es):\r\n\r\nFlatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is specified in the manifest, so running `flatpak build` against it will gain those permissions. Normally this will not be done, so this is not problem. However, if `--mirror-screenshots-url` is specified, then flatpak-builder will launch `flatpak build --nofilesystem=host appstream-utils mirror-screenshots` after finalization, which can lead to issues even with the `--nofilesystem=host` protection. In normal use, the only issue is that these empty directories can be created wherever the user has write permissions. However, a malicious application could replace the `appstream-util` binary and potentially do something more hostile. This has been resolved in Flatpak 1.12.3 and 1.10.6 by changing the behaviour of `--nofilesystem=home` and `--nofilesystem=host`.(CVE-2022-21682)", "cves": [ { "id": "CVE-2022-21682", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21682", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/f/flatpak/flatpak-1.10.2-7_openEuler-SA-2024-1424.json b/cusa/f/flatpak/flatpak-1.10.2-7_openEuler-SA-2024-1424.json index d27634e..93050ad 100644 --- a/cusa/f/flatpak/flatpak-1.10.2-7_openEuler-SA-2024-1424.json +++ b/cusa/f/flatpak/flatpak-1.10.2-7_openEuler-SA-2024-1424.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1424", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1424", "title": "An update for flatpak is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information.\r\n\r\nSecurity Fix(es):\r\n\r\nFlatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.(CVE-2023-28100)\r\n\r\nFlatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. 
As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.(CVE-2023-28101)", "cves": [ { "id": "CVE-2023-28101", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28101", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/f/flatpak/flatpak-1.10.2-8_openEuler-SA-2024-1490.json b/cusa/f/flatpak/flatpak-1.10.2-8_openEuler-SA-2024-1490.json index aee2fa4..cdc64a2 100644 --- a/cusa/f/flatpak/flatpak-1.10.2-8_openEuler-SA-2024-1490.json +++ b/cusa/f/flatpak/flatpak-1.10.2-8_openEuler-SA-2024-1490.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1490", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1490", "title": "An update for flatpak is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information.\r\n\r\nSecurity Fix(es):\r\n\r\nFlatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. 
The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.(CVE-2024-32462)", "cves": [ { "id": "CVE-2024-32462", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32462", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/fontforge/fontforge-20200314-8_openEuler-SA-2024-1228.json b/cusa/f/fontforge/fontforge-20200314-8_openEuler-SA-2024-1228.json index 32886bf..7786e62 100644 --- a/cusa/f/fontforge/fontforge-20200314-8_openEuler-SA-2024-1228.json +++ b/cusa/f/fontforge/fontforge-20200314-8_openEuler-SA-2024-1228.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1228", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1228", "title": "An update for fontforge is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Moderate", + "severity": "Medium", "description": "FontForge (former PfaEdit) is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.\r\n\r\nSecurity Fix(es):\r\n\r\nSplinefont in FontForge through 20230101 allows command injection via crafted filenames.(CVE-2024-25081)\r\n\r\nSplinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.(CVE-2024-25082)", "cves": [ { "id": "CVE-2024-25082", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25082", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/f/freeglut/freeglut-3.0.0-12_openEuler-SA-2024-1174.json b/cusa/f/freeglut/freeglut-3.0.0-12_openEuler-SA-2024-1174.json index da3a8dc..c2bf2d3 100644 --- a/cusa/f/freeglut/freeglut-3.0.0-12_openEuler-SA-2024-1174.json +++ b/cusa/f/freeglut/freeglut-3.0.0-12_openEuler-SA-2024-1174.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1174", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1174", "title": "An update for freeglut is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "Freeglut is a free-software/open-source alternative to the OpenGL Utility Toolkit (GLUT) library. GLUT was originally written to support the sample programs in the second edition OpenGL 'RedBook'. Since then, GLUT has been used in a wide variety of practical applications because it is simple, widely available and highly portable.\r\n\r\nSecurity Fix(es):\r\n\r\nfreeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.(CVE-2024-24258)\r\n\r\nfreeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.(CVE-2024-24259)", "cves": [ { "id": "CVE-2024-24259", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24259", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/freeimage/freeimage-3.18.0-9_openEuler-SA-2023-1898.json b/cusa/f/freeimage/freeimage-3.18.0-9_openEuler-SA-2023-1898.json index 7eacad1..f74ba06 100644 --- a/cusa/f/freeimage/freeimage-3.18.0-9_openEuler-SA-2023-1898.json +++ b/cusa/f/freeimage/freeimage-3.18.0-9_openEuler-SA-2023-1898.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1898", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1898", "title": "An update for freeimage is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "FreeImage is a library project for developers who would like to support popular graphics image formats (PNG, JPEG, TIFF, BMP and others). Some highlights are: extremely simple in use, not limited to the local PC (unique FreeImageIO) and Plugin driven!\r\n\r\nSecurity Fix(es):\r\n\r\nBuffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.(CVE-2020-21427)\r\n\r\nBuffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.(CVE-2020-21428)", "cves": [ { "id": "CVE-2020-21428", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21428", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2022-2165.json b/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2022-2165.json index b690cd0..3de6aef 100644 --- a/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2022-2165.json +++ b/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2022-2165.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2165", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2165", "title": "An update for freeradius is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service.\r\n\r\nSecurity Fix(es):\r\n\r\nWhen an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.\r\n\r\nReferences:\r\n\r\nhttps://freeradius.org/security/\r\n\r\nUpstream fix:\r\n\r\nhttps://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a(CVE-2022-41860)\r\n\r\nA malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.\r\n\r\nReferences:\r\n\r\nhttps://freeradius.org/security/\r\n\r\nUpstream fix:\r\n\r\nhttps://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e(CVE-2022-41861)", "cves": [ { "id": "CVE-2022-41861", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41861", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2023-1956.json b/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2023-1956.json index 5582f2b..16e3577 100644 --- a/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2023-1956.json +++ b/cusa/f/freeradius/freeradius-3.0.25-2_openEuler-SA-2023-1956.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1956", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1956", "title": "An update for freeradius is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service.\r\n\r\nSecurity Fix(es):\r\n\r\nIn freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.(CVE-2022-41859)", "cves": [ { "id": "CVE-2022-41859", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41859", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/freerdp/freerdp-2.11.1-1_openEuler-SA-2023-1656.json b/cusa/f/freerdp/freerdp-2.11.1-1_openEuler-SA-2023-1656.json index 9d4896f..a5c71e1 100644 --- a/cusa/f/freerdp/freerdp-2.11.1-1_openEuler-SA-2023-1656.json +++ b/cusa/f/freerdp/freerdp-2.11.1-1_openEuler-SA-2023-1656.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1656", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1656", "title": "An update for freerdp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp.\r\n\r\nSecurity Fix(es):\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n(CVE-2023-39350)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.(CVE-2023-39351)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n(CVE-2023-39352)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.(CVE-2023-39353)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.(CVE-2023-39354)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n(CVE-2023-39356)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40181)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40186)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. 
This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40188)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.(CVE-2023-40567)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.(CVE-2023-40569)\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.(CVE-2023-40589)", "cves": [ { "id": "CVE-2023-40589", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40589", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file 
diff --git a/cusa/f/freerdp/freerdp-2.11.7-2_openEuler-SA-2024-1542.json b/cusa/f/freerdp/freerdp-2.11.7-2_openEuler-SA-2024-1542.json index de1fcdb..d1a9801 100644 --- a/cusa/f/freerdp/freerdp-2.11.7-2_openEuler-SA-2024-1542.json +++ b/cusa/f/freerdp/freerdp-2.11.7-2_openEuler-SA-2024-1542.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1542", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1542", "title": "An update for freerdp is now available for openEuler-20.03-LTS-SP1,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Important", + "severity": "High", "description": "FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp.\r\n\r\nSecurity Fix(es):\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.(CVE-2024-32661)", "cves": [ { "id": "CVE-2024-32661", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32661", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/freerdp/freerdp-2.8.1-1_openEuler-SA-2022-2018.json b/cusa/f/freerdp/freerdp-2.8.1-1_openEuler-SA-2022-2018.json index ecde453..d8e6dd4 100644 --- a/cusa/f/freerdp/freerdp-2.8.1-1_openEuler-SA-2022-2018.json +++ b/cusa/f/freerdp/freerdp-2.8.1-1_openEuler-SA-2022-2018.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2018", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2018", "title": "An update for freerdp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp.\r\n\r\nSecurity Fix(es):\r\n\r\nFreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.(CVE-2022-39283)\r\n\r\nFreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.(CVE-2022-39282)", "cves": [ { "id": "CVE-2022-39282", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39282", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/freerdp/freerdp-2.8.1-2_openEuler-SA-2022-2112.json b/cusa/f/freerdp/freerdp-2.8.1-2_openEuler-SA-2022-2112.json index 6207ea0..5cbdb2c 100644 --- a/cusa/f/freerdp/freerdp-2.8.1-2_openEuler-SA-2022-2112.json +++ b/cusa/f/freerdp/freerdp-2.8.1-2_openEuler-SA-2022-2112.json 
@@ -8,7 +8,7 @@ { "id": "CVE-2022-39318", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39318", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/freetype/freetype-2.11.0-3_openEuler-SA-2023-1246.json b/cusa/f/freetype/freetype-2.11.0-3_openEuler-SA-2023-1246.json index 71c181d..95f36d9 100644 --- a/cusa/f/freetype/freetype-2.11.0-3_openEuler-SA-2023-1246.json +++ b/cusa/f/freetype/freetype-2.11.0-3_openEuler-SA-2023-1246.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1246", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1246", "title": "An update for freetype is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Moderate", + "severity": "Medium", "description": "FreeType is written in C, designed to be small,efficient, highly customizable, and portable while capable of producing high-quality output (glyph images) of most vector and bitmap font formats\r\n\r\nSecurity Fix(es):\r\n\r\nAn integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c.(CVE-2023-2004)", "cves": [ { "id": "CVE-2023-2004", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2004", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/f/fribidi/fribidi-1.0.10-2_openEuler-SA-2022-1923.json b/cusa/f/fribidi/fribidi-1.0.10-2_openEuler-SA-2022-1923.json index aec2b8f..7a8ba1e 100644 --- a/cusa/f/fribidi/fribidi-1.0.10-2_openEuler-SA-2022-1923.json +++ b/cusa/f/fribidi/fribidi-1.0.10-2_openEuler-SA-2022-1923.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1923", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1923", "title": "An update for fribidi is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "A library to handle bidirectional scripts (for example Hebrew, Arabic), so that the display is done in the proper way; while the text data itself is always written in logical order and display in a different direction .\r\n\r\nSecurity Fix(es):\r\n\r\nA stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.(CVE-2022-25308)\r\n\r\nA heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the '--caprtl' option, leading to a crash and causing a denial of service.(CVE-2022-25309)\r\n\r\nA segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service.(CVE-2022-25310)", "cves": [ { "id": "CVE-2022-25310", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25310", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/future/future-0.18.2-2_openEuler-SA-2023-1176.json b/cusa/f/future/future-0.18.2-2_openEuler-SA-2023-1176.json index 4e0dfd1..a44d968 100644 --- a/cusa/f/future/future-0.18.2-2_openEuler-SA-2023-1176.json +++ b/cusa/f/future/future-0.18.2-2_openEuler-SA-2023-1176.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1176", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1176", "title": "An update for future is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "This package intends to provides a compatibility layer for Python between its two version release. The future and past packages are both provides for backports and forwards, in which you are able to use a single, clean codebase to run under Python3 environmets easily. With also providing futurize and pasteurize scripts, you can convert you Python code to support both version.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.(CVE-2022-40899)", "cves": [ { "id": "CVE-2022-40899", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40899", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/f/fwupd/fwupd-1.2.9-5_openEuler-SA-2022-1801.json b/cusa/f/fwupd/fwupd-1.2.9-5_openEuler-SA-2022-1801.json index 42af915..526c376 100644 --- a/cusa/f/fwupd/fwupd-1.2.9-5_openEuler-SA-2022-1801.json +++ b/cusa/f/fwupd/fwupd-1.2.9-5_openEuler-SA-2022-1801.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1801", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1801", "title": "An update for fwupd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "aims to make updating firmware on Linux automatic, safe and reliable.\r\n\r\nSecurity Fix(es):\r\n\r\nA PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.(CVE-2020-10759)", "cves": [ { "id": "CVE-2020-10759", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10759", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/GraphicsMagick/GraphicsMagick-1.3.30-9_openEuler-SA-2022-1760.json b/cusa/g/GraphicsMagick/GraphicsMagick-1.3.30-9_openEuler-SA-2022-1760.json index c0fcdf2..efb10b1 100644 --- a/cusa/g/GraphicsMagick/GraphicsMagick-1.3.30-9_openEuler-SA-2022-1760.json +++ b/cusa/g/GraphicsMagick/GraphicsMagick-1.3.30-9_openEuler-SA-2022-1760.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1760", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1760", "title": "An update for GraphicsMagick is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "GraphicsMagick is the swiss army knife of image processing. Comprised of 267K physical lines (according to David A. Wheeler's SLOCCount) of source code in the base package (or 1,225K including 3rd party libraries) it provides a robust and efficient collection of tools and libraries which support reading, writing, and manipulating an image in over 89 major formats including important formats like DPX, GIF, JPEG, JPEG-2000, PNG, PDF, PNM, TIFF, and WebP.\r\n\r\nSecurity Fix(es):\r\n\r\nIn GraphicsMagick, a heap buffer overflow was found when parsing MIFF. (CVE-2022-1270)", "cves": [ { "id": "CVE-2022-1270", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1270", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/GraphicsMagick/GraphicsMagick-1.3.41-1_openEuler-SA-2023-1818.json b/cusa/g/GraphicsMagick/GraphicsMagick-1.3.41-1_openEuler-SA-2023-1818.json index fc9df0a..39d6518 100644 --- a/cusa/g/GraphicsMagick/GraphicsMagick-1.3.41-1_openEuler-SA-2023-1818.json +++ b/cusa/g/GraphicsMagick/GraphicsMagick-1.3.41-1_openEuler-SA-2023-1818.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1818", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1818", "title": "An update for GraphicsMagick is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "GraphicsMagick is the swiss army knife of image processing. Comprised of 267K physical lines (according to David A. Wheeler's SLOCCount) of source code in the base package (or 1,225K including 3rd party libraries) it provides a robust and efficient collection of tools and libraries which support reading, writing, and manipulating an image in over 89 major formats including important formats like DPX, GIF, JPEG, JPEG-2000, PNG, PDF, PNM, TIFF, and WebP.\r\n\r\nSecurity Fix(es):\r\n\r\nBuffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.(CVE-2020-21679)", "cves": [ { "id": "CVE-2020-21679", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-21679", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/game-music-emu/game-music-emu-0.6.2-1_openEuler-SA-2022-1831.json b/cusa/g/game-music-emu/game-music-emu-0.6.2-1_openEuler-SA-2022-1831.json index a8c1857..ad5b56d 100644 --- a/cusa/g/game-music-emu/game-music-emu-0.6.2-1_openEuler-SA-2022-1831.json +++ b/cusa/g/game-music-emu/game-music-emu-0.6.2-1_openEuler-SA-2022-1831.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1831", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1831", "title": "An update for game-music-emu is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Game_Music_Emu is a collection of video game music file simulators that supports the following formats and systems:\r\n\r\nSecurity Fix(es):\r\n\r\nThe Mem_File_Reader::read_avail function in Data_Reader.cpp in the Game_Music_Emu library (aka game-music-emu) 0.6.1 does not ensure a non-negative size, which allows remote attackers to cause a denial of service (application crash) via a crafted file.(CVE-2017-17446)", "cves": [ { "id": "CVE-2017-17446", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17446", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/ganglia/ganglia-3.7.2-2_openEuler-SA-2022-2073.json b/cusa/g/ganglia/ganglia-3.7.2-2_openEuler-SA-2022-2073.json index e51b7ed..4a88fe1 100644 --- a/cusa/g/ganglia/ganglia-3.7.2-2_openEuler-SA-2022-2073.json +++ b/cusa/g/ganglia/ganglia-3.7.2-2_openEuler-SA-2022-2073.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2073", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2073", "title": "An update for ganglia is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format.\r\n\r\nSecurity Fix(es):\r\n\r\nganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.(CVE-2019-20378)\r\n\r\nganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter.(CVE-2019-20379)", "cves": [ { "id": "CVE-2019-20379", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20379", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/gcc/gcc-10.3.1-19_openEuler-SA-2023-1735.json b/cusa/g/gcc/gcc-10.3.1-19_openEuler-SA-2023-1735.json index 2b6fd40..daf3325 100644 --- a/cusa/g/gcc/gcc-10.3.1-19_openEuler-SA-2023-1735.json +++ b/cusa/g/gcc/gcc-10.3.1-19_openEuler-SA-2023-1735.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1735", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1735", "title": "An update for gcc is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "The gcc package contains the GNU Compiler Collection version 10. You'll need this package in order to compile C code.\r\n\r\nSecurity Fix(es):\r\n\r\n\r\n\r\nA failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\r\n\r\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity.\r\n\r\n\r\n\r\n\r\n\r\n(CVE-2023-4039)", "cves": [ { "id": "CVE-2023-4039", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4039", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/gd/gd-2.3.2-2_openEuler-SA-2022-1613.json b/cusa/g/gd/gd-2.3.2-2_openEuler-SA-2022-1613.json index f4a0be0..af3cd61 100644 --- a/cusa/g/gd/gd-2.3.2-2_openEuler-SA-2022-1613.json +++ b/cusa/g/gd/gd-2.3.2-2_openEuler-SA-2022-1613.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1613", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1613", "title": "An update for gd is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP2,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "The gd graphics library allows your code to quickly draw images complete with lines, arcs, text, multiple colors, cut and paste from other images, and flood fills, and to write out the result as a PNG or JPEG file. The most common applications of GD involve website development, although it can be used with any standalone application!\r\n\r\nSecurity Fix(es):\r\n\r\n** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is \"The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.\"(CVE-2021-40145)", "cves": [ { "id": "CVE-2021-40145", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40145", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/gdb/gdb-11.1-5_openEuler-SA-2023-1624.json b/cusa/g/gdb/gdb-11.1-5_openEuler-SA-2023-1624.json index 3f807a8..3628916 100644 --- a/cusa/g/gdb/gdb-11.1-5_openEuler-SA-2023-1624.json +++ b/cusa/g/gdb/gdb-11.1-5_openEuler-SA-2023-1624.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1624", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1624", "title": "An update for gdb is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.(CVE-2023-39128)", "cves": [ { "id": "CVE-2023-39128", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39128", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/gdb/gdb-11.1-6_openEuler-SA-2023-1826.json b/cusa/g/gdb/gdb-11.1-6_openEuler-SA-2023-1826.json index 6147448..e71e521 100644 --- a/cusa/g/gdb/gdb-11.1-6_openEuler-SA-2023-1826.json +++ b/cusa/g/gdb/gdb-11.1-6_openEuler-SA-2023-1826.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1826", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1826", "title": "An update for gdb is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.(CVE-2023-39129)", "cves": [ { "id": "CVE-2023-39129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39129", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file 
diff --git a/cusa/g/gdb/gdb-11.1-7_openEuler-SA-2023-1870.json b/cusa/g/gdb/gdb-11.1-7_openEuler-SA-2023-1870.json index 59a0bff..5512498 100644 --- a/cusa/g/gdb/gdb-11.1-7_openEuler-SA-2023-1870.json +++ b/cusa/g/gdb/gdb-11.1-7_openEuler-SA-2023-1870.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1870", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1870", "title": "An update for gdb is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed.\r\n\r\nSecurity Fix(es):\r\n\r\nGNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.(CVE-2023-39130)", "cves": [ { "id": "CVE-2023-39130", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39130", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/gdk-pixbuf2/gdk-pixbuf2-2.42.6-4_openEuler-SA-2022-1874.json b/cusa/g/gdk-pixbuf2/gdk-pixbuf2-2.42.6-4_openEuler-SA-2022-1874.json index 95228d3..c6dc57e 100644 --- a/cusa/g/gdk-pixbuf2/gdk-pixbuf2-2.42.6-4_openEuler-SA-2022-1874.json +++ b/cusa/g/gdk-pixbuf2/gdk-pixbuf2-2.42.6-4_openEuler-SA-2022-1874.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1874", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1874", "title": "An update for gdk-pixbuf2 is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "gdk is written in C but has been designed from the ground up to support a wide range of languages. It provide a complete set of widgets,and suitable for projects ranging from small one-off tools to complete application suites.\r\n\r\nSecurity Fix(es):\r\n\r\nGNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.(CVE-2021-46829)", "cves": [ { "id": "CVE-2021-46829", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46829", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/ghostscript/ghostscript-9.55.0-2_openEuler-SA-2022-1754.json b/cusa/g/ghostscript/ghostscript-9.55.0-2_openEuler-SA-2022-1754.json index cb13bff..fe99655 100644 --- a/cusa/g/ghostscript/ghostscript-9.55.0-2_openEuler-SA-2022-1754.json +++ b/cusa/g/ghostscript/ghostscript-9.55.0-2_openEuler-SA-2022-1754.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1754", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1754", "title": "An update for ghostscript is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "Ghostscript is an interpreter for PostScript™ and Portable Document Format (PDF) files. Ghostscript consists of a PostScript interpreter layer, and a graphics library.\r\n\r\nSecurity Fix(es):\r\n\r\nA NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash.(CVE-2022-2085)", "cves": [ { "id": "CVE-2022-2085", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2085", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/ghostscript/ghostscript-9.55.0-6_openEuler-SA-2023-1984.json b/cusa/g/ghostscript/ghostscript-9.55.0-6_openEuler-SA-2023-1984.json index 349b7a4..6a7a083 100644 --- a/cusa/g/ghostscript/ghostscript-9.55.0-6_openEuler-SA-2023-1984.json +++ b/cusa/g/ghostscript/ghostscript-9.55.0-6_openEuler-SA-2023-1984.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1984", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1984", "title": "An update for ghostscript is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "Ghostscript is an interpreter for PostScript™ and Portable Document Format (PDF) files. Ghostscript consists of a PostScript interpreter layer, and a graphics library.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer.(CVE-2023-46751)", "cves": [ { "id": "CVE-2023-46751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46751", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/giflib/giflib-5.2.1-4_openEuler-SA-2022-1723.json b/cusa/g/giflib/giflib-5.2.1-4_openEuler-SA-2022-1723.json index e40e8fa..7c62a21 100644 --- a/cusa/g/giflib/giflib-5.2.1-4_openEuler-SA-2022-1723.json +++ b/cusa/g/giflib/giflib-5.2.1-4_openEuler-SA-2022-1723.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1723", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1723", "title": "An update for giflib is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "giflib is a library of gif images and provides utilities for processing images.\r\n\r\nSecurity Fix(es):\r\n\r\nThere is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.(CVE-2022-28506)", "cves": [ { "id": "CVE-2022-28506", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28506", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file 
diff --git a/cusa/g/giflib/giflib-5.2.1-5_openEuler-SA-2023-1675.json b/cusa/g/giflib/giflib-5.2.1-5_openEuler-SA-2023-1675.json index 4214f60..831eb87 100644 --- a/cusa/g/giflib/giflib-5.2.1-5_openEuler-SA-2023-1675.json +++ b/cusa/g/giflib/giflib-5.2.1-5_openEuler-SA-2023-1675.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1675", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1675", "title": "An update for giflib is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "giflib is a library of gif images and provides utilities for processing images.\r\n\r\nSecurity Fix(es):\r\n\r\ngiflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.(CVE-2023-39742)", "cves": [ { "id": "CVE-2023-39742", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39742", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/giflib/giflib-5.2.1-6_openEuler-SA-2024-1602.json b/cusa/g/giflib/giflib-5.2.1-6_openEuler-SA-2024-1602.json index f6a92e6..6c12d63 100644 --- a/cusa/g/giflib/giflib-5.2.1-6_openEuler-SA-2024-1602.json +++ b/cusa/g/giflib/giflib-5.2.1-6_openEuler-SA-2024-1602.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1602", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1602", "title": "An update for giflib is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "giflib is a library of gif images and provides utilities for processing images.\r\n\r\nSecurity Fix(es):\r\n\r\nA memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.(CVE-2021-40633)", "cves": [ { "id": "CVE-2021-40633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40633", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/git/git-2.33.0-10_openEuler-SA-2023-1269.json b/cusa/g/git/git-2.33.0-10_openEuler-SA-2023-1269.json index 90bc24d..bd3d0db 100644 --- a/cusa/g/git/git-2.33.0-10_openEuler-SA-2023-1269.json +++ b/cusa/g/git/git-2.33.0-10_openEuler-SA-2023-1269.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1269", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1269", "title": "An update for git is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows.\r\n\r\nSecurity Fix(es):\r\n\r\nGit is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.(CVE-2023-25652)\r\n\r\nIn Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\\mingw64\\share\\locale` to look for localized messages. 
And since any authenticated user has the permission to create folders in `C:\\` (and since `C:\\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.\r\n\r\nThis vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\\`.(CVE-2023-25815)\r\n\r\nGit is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. 
As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.(CVE-2023-29007)", "cves": [ { "id": "CVE-2023-29007", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29007", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/git/git-2.33.0-2_openEuler-SA-2022-1676.json b/cusa/g/git/git-2.33.0-2_openEuler-SA-2022-1676.json index bd3b485..005f224 100644 --- a/cusa/g/git/git-2.33.0-2_openEuler-SA-2022-1676.json +++ b/cusa/g/git/git-2.33.0-2_openEuler-SA-2022-1676.json 
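Review bot: The `cves` array in this file (git, openEuler-SA-2023-1269) carries only CVE-2023-29007, while the unchanged `description` line also names CVE-2023-25652 and CVE-2023-25815, so a consumer that matches on `cves[].id` would not see two of the three fixed issues. The same pattern is visible in the hunks for openEuler-SA-2022-2029 (CVE-2022-39253 is missing, and the single entry is `Medium` under an advisory-level `High`), SA-2023-1120, SA-2023-1206, SA-2023-1688 and SA-2024-1544. These files look generated by the converter, so the fix presumably belongs there: emit one entry per CVE, e.g. `{ "id": "CVE-2023-25652", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25652", "severity": "<per-CVE severity from the CVRF source>" }`. This commit only renames the severity labels and leaves that as it was; a check that every `(CVE-…)` reference in `description` also appears in `cves` would catch it.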
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1676", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1676", "title": "An update for git is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows.\n\nSecurity Fix(es):\n\nGit for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. 
`C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`.(CVE-2022-24765)", "cves": [ { "id": "CVE-2022-24765", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24765", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/git/git-2.33.0-3_openEuler-SA-2022-1765.json b/cusa/g/git/git-2.33.0-3_openEuler-SA-2022-1765.json index 1a0f0f9..81db312 100644 --- a/cusa/g/git/git-2.33.0-3_openEuler-SA-2022-1765.json +++ b/cusa/g/git/git-2.33.0-3_openEuler-SA-2022-1765.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1765", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1765", "title": "An update for git is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce,and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows.\r\n\r\nSecurity Fix(es):\r\n\r\nGit is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.(CVE-2022-29187)", "cves": [ { "id": "CVE-2022-29187", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29187", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file 
diff --git a/cusa/g/git/git-2.33.0-4_openEuler-SA-2022-2029.json b/cusa/g/git/git-2.33.0-4_openEuler-SA-2022-2029.json index ec200a7..ab007f3 100644 --- a/cusa/g/git/git-2.33.0-4_openEuler-SA-2022-2029.json +++ b/cusa/g/git/git-2.33.0-4_openEuler-SA-2022-2029.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2029", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2029", "title": "An update for git is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce,and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows.\r\n\r\nSecurity Fix(es):\r\n\r\nGit is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. 
Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.(CVE-2022-39253)\r\n\r\nGit is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.(CVE-2022-39260)", "cves": [ { "id": "CVE-2022-39260", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39260", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/git/git-2.33.0-7_openEuler-SA-2023-1059.json b/cusa/g/git/git-2.33.0-7_openEuler-SA-2023-1059.json index 4dc0c4a..95c42bb 100644 --- a/cusa/g/git/git-2.33.0-7_openEuler-SA-2023-1059.json +++ b/cusa/g/git/git-2.33.0-7_openEuler-SA-2023-1059.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1059", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1059", "title": "An update for git is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows.\r\n\r\nSecurity Fix(es):\r\n\r\nGit GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it, among other things running a spell checker called `aspell.exe` if it was found. Git GUI is implemented as a Tcl/Tk script. Due to the unfortunate design of Tcl on Windows, the search path when looking for an executable _always includes the current directory_. Therefore, malicious repositories can ship with an `aspell.exe` in their top-level directory which is executed by Git GUI without giving the user a chance to inspect it first, i.e. running untrusted code. This issue has been addressed in version 2.39.1. Users are advised to upgrade. Users unable to upgrade should avoid using Git GUI for cloning. If that is not a viable option, at least avoid cloning from untrusted sources.(CVE-2022-41953)", "cves": [ { "id": "CVE-2022-41953", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41953", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file 
diff --git a/cusa/g/git/git-2.33.0-8_openEuler-SA-2023-1120.json b/cusa/g/git/git-2.33.0-8_openEuler-SA-2023-1120.json index cd651be..41377cf 100644 --- a/cusa/g/git/git-2.33.0-8_openEuler-SA-2023-1120.json +++ b/cusa/g/git/git-2.33.0-8_openEuler-SA-2023-1120.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1120", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1120", "title": "An update for git is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Moderate", + "severity": "Medium", "description": "Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce,and ClearCase with features like cheap local branching, convenient staging areas, and multiple workflows.\r\n\r\nSecurity Fix(es):\r\n\r\nGit is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. 
Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs.(CVE-2023-22490)\r\n\r\nGit, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link.(CVE-2023-23946)", "cves": [ { "id": "CVE-2023-23946", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23946", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/glade/glade-3.36.0-3_openEuler-SA-2024-1270.json b/cusa/g/glade/glade-3.36.0-3_openEuler-SA-2024-1270.json index c427fa8..c62a6e3 100644 --- a/cusa/g/glade/glade-3.36.0-3_openEuler-SA-2024-1270.json +++ b/cusa/g/glade/glade-3.36.0-3_openEuler-SA-2024-1270.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1270", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1270", "title": "An update for glade is now available for openEuler-20.03-LTS-SP1,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Moderate", + "severity": "Medium", "description": "Glade is a RAD tool to enable quick and easy development of user interfaces for the GTK+ toolkit and the GNOME desktop environment.\r\n\r\nSecurity Fix(es):\r\n\r\nplugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).(CVE-2020-36774)", "cves": [ { "id": "CVE-2020-36774", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36774", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/glib2/glib2-2.68.1-17_openEuler-SA-2023-1206.json b/cusa/g/glib2/glib2-2.68.1-17_openEuler-SA-2023-1206.json index f77c884..a9528e7 100644 --- a/cusa/g/glib2/glib2-2.68.1-17_openEuler-SA-2023-1206.json +++ b/cusa/g/glib2/glib2-2.68.1-17_openEuler-SA-2023-1206.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1206", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1206", "title": "An update for glib2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Moderate", + "severity": "Medium", "description": "GLib is a bundle of three (formerly five) low-level system libraries written in C and developed mainly by GNOME. GLib's code was separated from GTK, so it can be used by software other than GNOME and has been developed in parallel ever since.\r\n\r\nSecurity Fix(es):\r\n\r\n\nglib: DoS caused by malicious serialised variant(CVE-2023-25180)\r\n\r\n\nglib: DoS caused by handling a malicious text-form variant(CVE-2023-24593)", "cves": [ { "id": "CVE-2023-24593", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24593", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/glibc/glibc-2.34-136_openEuler-SA-2023-1688.json b/cusa/g/glibc/glibc-2.34-136_openEuler-SA-2023-1688.json index 068c5e2..f2960b2 100644 --- a/cusa/g/glibc/glibc-2.34-136_openEuler-SA-2023-1688.json +++ b/cusa/g/glibc/glibc-2.34-136_openEuler-SA-2023-1688.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1688", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1688", "title": "An update for glibc is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, exit and more.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.(CVE-2023-4806)\r\n\r\nA flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.(CVE-2023-4813)\r\n\r\nA flaw was found in the GNU C Library. 
A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.(CVE-2023-5156)", "cves": [ { "id": "CVE-2023-5156", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5156", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/glibc/glibc-2.34-137_openEuler-SA-2023-1725.json b/cusa/g/glibc/glibc-2.34-137_openEuler-SA-2023-1725.json index 83be60b..4c932a1 100644 --- a/cusa/g/glibc/glibc-2.34-137_openEuler-SA-2023-1725.json +++ b/cusa/g/glibc/glibc-2.34-137_openEuler-SA-2023-1725.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1725", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1725", "title": "An update for glibc is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, exit and more.\r\n\r\nSecurity Fix(es):\r\n\r\nA buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.(CVE-2023-4911)", "cves": [ { "id": "CVE-2023-4911", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4911", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/glibc/glibc-2.34-149_openEuler-SA-2024-1544.json b/cusa/g/glibc/glibc-2.34-149_openEuler-SA-2024-1544.json index 9111359..d7c68c7 100644 
--- a/cusa/g/glibc/glibc-2.34-149_openEuler-SA-2024-1544.json +++ b/cusa/g/glibc/glibc-2.34-149_openEuler-SA-2024-1544.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1544", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1544", "title": "An update for glibc is now available for openEuler-20.03-LTS-SP4 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, exit and more.\r\n\r\nSecurity Fix(es):\r\n\r\nnscd: Stack-based buffer overflow in netgroup cache\r\n\r\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.\n(CVE-2024-33599)\r\n\r\nnscd: Null pointer crashes after notfound response\r\n\r\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.\r\n\r\n(CVE-2024-33600)\r\n\r\nnscd: netgroup cache may terminate daemon on memory allocation failure\r\n\r\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. 
The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.\r\n\r\n(CVE-2024-33601)\r\n\r\nnscd: netgroup cache assumes NSS callback uses in-buffer strings\r\n\r\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\r\n\r\nThis vulnerability is only present in the nscd binary.\r\n\r\n(CVE-2024-33602)", "cves": [ { "id": "CVE-2024-33602", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33602", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/glusterfs/glusterfs-10.0-8_openEuler-SA-2023-1170.json b/cusa/g/glusterfs/glusterfs-10.0-8_openEuler-SA-2023-1170.json index 35c869e..9917085 100644 --- a/cusa/g/glusterfs/glusterfs-10.0-8_openEuler-SA-2023-1170.json +++ b/cusa/g/glusterfs/glusterfs-10.0-8_openEuler-SA-2023-1170.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1170", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1170", "title": "An update for glusterfs is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "\r\n\r\nSecurity Fix(es):\r\n\r\nIn Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.(CVE-2023-26253)", "cves": [ { "id": "CVE-2023-26253", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26253", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/glusterfs/glusterfs-10.0-9_openEuler-SA-2024-1266.json b/cusa/g/glusterfs/glusterfs-10.0-9_openEuler-SA-2024-1266.json index abd47ea..ecdff2c 100644 --- a/cusa/g/glusterfs/glusterfs-10.0-9_openEuler-SA-2024-1266.json 
+++ b/cusa/g/glusterfs/glusterfs-10.0-9_openEuler-SA-2024-1266.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1266", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1266", "title": "An update for glusterfs is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "GlusterFS is a distributed file-system capable of scaling to several petabytes. It aggregates various storage bricks over TCP/IP interconnect into one large parallel network filesystem. GlusterFS is one of the most sophisticated file systems in terms of features and extensibility. It borrows a powerful concept called Translators from GNU Hurd kernel. Much of the code in GlusterFS is in user space and easily manageable.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.(CVE-2022-48340)", "cves": [ { "id": "CVE-2022-48340", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48340", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/gnome-font-viewer/gnome-font-viewer-3.34.0-2_openEuler-SA-2022-2074.json b/cusa/g/gnome-font-viewer/gnome-font-viewer-3.34.0-2_openEuler-SA-2022-2074.json index 885903c..0c0d438 100644 --- a/cusa/g/gnome-font-viewer/gnome-font-viewer-3.34.0-2_openEuler-SA-2022-2074.json +++ b/cusa/g/gnome-font-viewer/gnome-font-viewer-3.34.0-2_openEuler-SA-2022-2074.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2074", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2074", "title": "An update for gnome-font-viewer is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "The Font Viewer application has been rewritten to match the new design used for GNOME 3 applications.It can now show an overview of all installed fonts and optimizes screen space usage when the application is maximized.\r\n\r\nSecurity Fix(es):\r\n\r\nIn text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL).(CVE-2019-19308)", "cves": [ { "id": "CVE-2019-19308", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19308", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/gnulib/gnulib-0-29.20180720git_openEuler-SA-2022-2089.json b/cusa/g/gnulib/gnulib-0-29.20180720git_openEuler-SA-2022-2089.json index 8f715fc..def6db9 100644 --- a/cusa/g/gnulib/gnulib-0-29.20180720git_openEuler-SA-2022-2089.json +++ b/cusa/g/gnulib/gnulib-0-29.20180720git_openEuler-SA-2022-2089.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2089", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2089", "title": "An update for gnulib is now available for openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "Gnulib is a central location for common GNU code, intended to be shared among GNU packages. It can be used to improve portability and other functionality in your programs.\r\n\r\nSecurity Fix(es):\r\n\r\nThe convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\\0' character during %f processing.(CVE-2018-17942)", "cves": [ { "id": "CVE-2018-17942", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17942", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/gnupg2/gnupg2-2.2.32-3_openEuler-SA-2022-1847.json b/cusa/g/gnupg2/gnupg2-2.2.32-3_openEuler-SA-2022-1847.json index 299cdc0..cb3c461 100644 --- a/cusa/g/gnupg2/gnupg2-2.2.32-3_openEuler-SA-2022-1847.json +++ b/cusa/g/gnupg2/gnupg2-2.2.32-3_openEuler-SA-2022-1847.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1847", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1847", "title": "An update for gnupg2 is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG enables encryption and signing of data and communication, and features a versatile key management system as well as access modules for public key directories.\r\n\r\nSecurity Fix(es):\r\n\r\nGnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.(CVE-2022-34903)", "cves": [ { "id": "CVE-2022-34903", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34903", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/gnutls/gnutls-3.7.2-10_openEuler-SA-2024-1093.json b/cusa/g/gnutls/gnutls-3.7.2-10_openEuler-SA-2024-1093.json index be490e9..453369a 100644 --- a/cusa/g/gnutls/gnutls-3.7.2-10_openEuler-SA-2024-1093.json +++ b/cusa/g/gnutls/gnutls-3.7.2-10_openEuler-SA-2024-1093.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1093", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1093", "title": "An update for gnutls is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures. The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.(CVE-2024-0553)\r\n\r\nA vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.(CVE-2024-0567)", "cves": [ { "id": "CVE-2024-0567", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0567", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file 
diff --git a/cusa/g/gnutls/gnutls-3.7.2-12_openEuler-SA-2024-1439.json b/cusa/g/gnutls/gnutls-3.7.2-12_openEuler-SA-2024-1439.json index ac62d2c..8245b2b 100644 --- a/cusa/g/gnutls/gnutls-3.7.2-12_openEuler-SA-2024-1439.json +++ b/cusa/g/gnutls/gnutls-3.7.2-12_openEuler-SA-2024-1439.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1439", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1439", "title": "An update for gnutls is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3", - "severity": "Moderate", + "severity": "Medium", "description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures. The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.(CVE-2024-28834)", "cves": [ { "id": "CVE-2024-28834", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28834", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file 
diff --git a/cusa/g/gnutls/gnutls-3.7.2-13_openEuler-SA-2024-1506.json b/cusa/g/gnutls/gnutls-3.7.2-13_openEuler-SA-2024-1506.json index 714c8dc..d4f88fb 100644 --- a/cusa/g/gnutls/gnutls-3.7.2-13_openEuler-SA-2024-1506.json +++ b/cusa/g/gnutls/gnutls-3.7.2-13_openEuler-SA-2024-1506.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2024-1506", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1506", "title": "An update for gnutls is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures. The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.(CVE-2024-28835)", "cves": [ { "id": "CVE-2024-28835", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28835", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/gnutls/gnutls-3.7.2-3_openEuler-SA-2022-1822.json b/cusa/g/gnutls/gnutls-3.7.2-3_openEuler-SA-2022-1822.json index 823eef7..a5a276d 100644 --- a/cusa/g/gnutls/gnutls-3.7.2-3_openEuler-SA-2022-1822.json +++ b/cusa/g/gnutls/gnutls-3.7.2-3_openEuler-SA-2022-1822.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1822", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1822", "title": "An update for gnutls is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures.The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.(CVE-2022-2509)", "cves": [ { "id": "CVE-2022-2509", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2509", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/gnutls/gnutls-3.7.2-4_openEuler-SA-2022-1889.json b/cusa/g/gnutls/gnutls-3.7.2-4_openEuler-SA-2022-1889.json index 3ef61d3..b4678dd 100644 --- a/cusa/g/gnutls/gnutls-3.7.2-4_openEuler-SA-2022-1889.json +++ b/cusa/g/gnutls/gnutls-3.7.2-4_openEuler-SA-2022-1889.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-1889", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-1889", "title": "An update for gnutls is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures.The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.\r\n\r\nSecurity Fix(es):\r\n\r\nA NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.(CVE-2021-4209)", "cves": [ { "id": "CVE-2021-4209", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4209", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/gnutls/gnutls-3.7.2-7_openEuler-SA-2023-1126.json b/cusa/g/gnutls/gnutls-3.7.2-7_openEuler-SA-2023-1126.json index 493a29b..b3fd313 100644 --- a/cusa/g/gnutls/gnutls-3.7.2-7_openEuler-SA-2023-1126.json +++ b/cusa/g/gnutls/gnutls-3.7.2-7_openEuler-SA-2023-1126.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1126", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1126", "title": "An update for gnutls is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Moderate", + "severity": "Medium", "description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures. The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.\r\n\r\nSecurity Fix(es):\r\n\r\nA timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.(CVE-2023-0361)", "cves": [ { "id": "CVE-2023-0361", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0361", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/gnutls/gnutls-3.7.2-9_openEuler-SA-2023-1867.json b/cusa/g/gnutls/gnutls-3.7.2-9_openEuler-SA-2023-1867.json index 155477b..2b6a29f 100644 --- a/cusa/g/gnutls/gnutls-3.7.2-9_openEuler-SA-2023-1867.json +++ b/cusa/g/gnutls/gnutls-3.7.2-9_openEuler-SA-2023-1867.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1867", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1867", "title": "An update for gnutls is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Moderate", + "severity": "Medium", "description": "GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other required structures. The project strives to provide a secure communications back-end, simple to use and integrated with the rest of the base Linux libraries. A back-end designed to work and be secure out of the box, keeping the complexity of TLS and PKI out of application code.\r\n\r\nSecurity Fix(es):\r\n\r\nA vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.(CVE-2023-5981)", "cves": [ { "id": "CVE-2023-5981", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5981", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/golang/golang-1.17.3-10_openEuler-SA-2022-2004.json b/cusa/g/golang/golang-1.17.3-10_openEuler-SA-2022-2004.json index 1c328c0..1a5c327 100644 --- a/cusa/g/golang/golang-1.17.3-10_openEuler-SA-2022-2004.json +++ b/cusa/g/golang/golang-1.17.3-10_openEuler-SA-2022-2004.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2004", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2004", "title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "The Go Programming Language\r\n\r\nSecurity Fix(es):\r\n\r\nReader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.(CVE-2022-2879)\r\n\r\nRequests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparseable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.(CVE-2022-2880)\r\n\r\nPrograms which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. 
Normal use of regular expressions is unaffected.(CVE-2022-41715)", "cves": [ { "id": "CVE-2022-41715", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41715", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/golang/golang-1.17.3-12_openEuler-SA-2022-2115.json b/cusa/g/golang/golang-1.17.3-12_openEuler-SA-2022-2115.json index 00f0a4e..f62258d 100644 --- a/cusa/g/golang/golang-1.17.3-12_openEuler-SA-2022-2115.json +++ b/cusa/g/golang/golang-1.17.3-12_openEuler-SA-2022-2115.json @@ -2,13 +2,13 @@ "id": "openEuler-SA-2022-2115", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2115", "title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS", - "severity": "Important", + "severity": "High", "description": "The Go Programming Language.\r\n\r\nSecurity Fix(es):\r\n\r\nDue to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string \"A=B\\x00C=D\" sets the variables \"A=B\" and \"C=D\".(CVE-2022-41716)", "cves": [ { "id": "CVE-2022-41716", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41716", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/golang/golang-1.17.3-14_openEuler-SA-2023-1082.json b/cusa/g/golang/golang-1.17.3-14_openEuler-SA-2023-1082.json index ae06799..9d8be19 100644 --- a/cusa/g/golang/golang-1.17.3-14_openEuler-SA-2023-1082.json +++ b/cusa/g/golang/golang-1.17.3-14_openEuler-SA-2023-1082.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1082", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1082", "title": "An update for golang is now available for openEuler-22.03-LTS", - "severity": "Moderate", + "severity": "Medium", "description": "The Go Programming Language\r\n\r\nSecurity Fix(es):\r\n\r\nAn attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.(CVE-2022-41717)", "cves": [ { "id": "CVE-2022-41717", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/golang/golang-1.17.3-15_openEuler-SA-2023-1192.json b/cusa/g/golang/golang-1.17.3-15_openEuler-SA-2023-1192.json index 00fe346..4bad7ef 100644 --- a/cusa/g/golang/golang-1.17.3-15_openEuler-SA-2023-1192.json +++ b/cusa/g/golang/golang-1.17.3-15_openEuler-SA-2023-1192.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1192", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1192", "title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "The Go Programming Language.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nA maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.(CVE-2022-41723)\r\n\r\nLarge handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).(CVE-2022-41724)\r\n\r\nA denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. 
However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, \"If stored on disk, the File's underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.(CVE-2022-41725)", "cves": [ { "id": "CVE-2022-41725", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41725", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/golang/golang-1.17.3-16_openEuler-SA-2023-1237.json b/cusa/g/golang/golang-1.17.3-16_openEuler-SA-2023-1237.json index 706d5ff..b2bc730 100644 --- a/cusa/g/golang/golang-1.17.3-16_openEuler-SA-2023-1237.json +++ b/cusa/g/golang/golang-1.17.3-16_openEuler-SA-2023-1237.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1237", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1237", "title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "The Go Programming Language.\r\n\r\nSecurity Fix(es):\r\n\r\nMultipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. 
In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.(CVE-2023-24536)\r\n\r\nHTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.(CVE-2023-24534)\r\n\r\nTemplates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. 
This should be used with caution.(CVE-2023-24538)\r\n\r\nCalling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.(CVE-2023-24537)", "cves": [ { "id": "CVE-2023-24537", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24537", - "severity": "Moderate" + "severity": "Medium" } ] } \ No newline at end of file diff --git a/cusa/g/golang/golang-1.17.3-18_openEuler-SA-2023-1294.json b/cusa/g/golang/golang-1.17.3-18_openEuler-SA-2023-1294.json index 5d1949c..05c9204 100644 --- a/cusa/g/golang/golang-1.17.3-18_openEuler-SA-2023-1294.json +++ b/cusa/g/golang/golang-1.17.3-18_openEuler-SA-2023-1294.json 
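Review bot: The `cves` array in the openEuler-SA-2023-1237 hunk lists only CVE-2023-24537, while the description names four fixes (CVE-2023-24536, CVE-2023-24534, CVE-2023-24538 and CVE-2023-24537), so the advisory now reads `"severity": "High"` while its only CVE entry reads `"severity": "Medium"`. A consumer that matches or rates hosts by the `cves` entries would miss three CVEs and under-rate the update, and the severity renaming in this commit leaves that as it was. The file looks generated, so the fix probably belongs in the converter: emit one entry per CVE named in the advisory, e.g. `{ "id": "CVE-2023-24536", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24536", "severity": "<severity from the CVRF source>" }`. The same pattern is visible in the gnutls SA-2024-1093 and golang SA-2022-2004, SA-2023-1192 and SA-2023-1294 hunks. The hunk starts at line 2 of the file, so the object's opening brace is outside it.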
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1294", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1294", "title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS and openEuler-22.03-LTS-SP1", - "severity": "Important", + "severity": "High", "description": "The Go Programming Language.\r\n\r\nSecurity Fix(es):\r\n\r\nTemplates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.(CVE-2023-29400)\r\n\r\nAngle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.(CVE-2023-24539)\r\n\r\nNot all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.(CVE-2023-24540)", "cves": [ { "id": "CVE-2023-24540", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/golang/golang-1.17.3-19_openEuler-SA-2023-1404.json b/cusa/g/golang/golang-1.17.3-19_openEuler-SA-2023-1404.json index 74a1466..912288c 100644 --- a/cusa/g/golang/golang-1.17.3-19_openEuler-SA-2023-1404.json +++ b/cusa/g/golang/golang-1.17.3-19_openEuler-SA-2023-1404.json 
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1404", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1404", "title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": "The Go Programming Language\n\nSecurity Fix(es):\n\nOn Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.(CVE-2023-29403)", "cves": [ { "id": "CVE-2023-29403", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29403", - "severity": "Important" + "severity": "High" } ] } \ No newline at end of file diff --git a/cusa/g/golang/golang-1.17.3-20_openEuler-SA-2023-1502.json b/cusa/g/golang/golang-1.17.3-20_openEuler-SA-2023-1502.json index f72332c..355760a 100644 --- a/cusa/g/golang/golang-1.17.3-20_openEuler-SA-2023-1502.json +++ b/cusa/g/golang/golang-1.17.3-20_openEuler-SA-2023-1502.json 
@@ -2,13 +2,13 @@
 "id": "openEuler-SA-2023-1502",
 "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1502",
 "title": "An update for golang is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
 "description": "The Go Programming Language.\r\n\r\nSecurity Fix(es):\r\n\r\nThe HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.(CVE-2023-29406)",
 "cves": [
 {
 "id": "CVE-2023-29406",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
- "severity": "Moderate"
+ "severity": "Medium"
 }
 ]
 }
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-21_openEuler-SA-2023-1530.json b/cusa/g/golang/golang-1.17.3-21_openEuler-SA-2023-1530.json
index 154934a..518a469 100644
--- a/cusa/g/golang/golang-1.17.3-21_openEuler-SA-2023-1530.json
+++ b/cusa/g/golang/golang-1.17.3-21_openEuler-SA-2023-1530.json
@@ -2,13 +2,13 @@
 "id": "openEuler-SA-2023-1530",
 "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1530",
 "title": "An update for golang is now available for openEuler-22.03-LTS",
- "severity": "Moderate",
+ "severity": "Medium",
 "description": "The Go Programming Language.\n\nSecurity Fix(es):\n\nExtremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.(CVE-2023-29409)",
 "cves": [
 {
 "id": "CVE-2023-29409",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
- "severity": "Moderate"
+ "severity": "Medium"
 }
 ]
 }
\ No newline at end of file
diff --git a/cusa/g/golang/golang-1.17.3-25_openEuler-SA-2023-1789.json b/cusa/g/golang/golang-1.17.3-25_openEuler-SA-2023-1789.json
index 6d95568..3fc84a4 100644
--- a/cusa/g/golang/golang-1.17.3-25_openEuler-SA-2023-1789.json
+++ b/cusa/g/golang/golang-1.17.3-25_openEuler-SA-2023-1789.json
@@ -2,13 +2,13 @@ "id": "openEuler-SA-2023-1789", "url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2023-1789", "title": "An update for golang is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2", - "severity": "Important", + "severity": "High", "description": ".\r\n\r\nSecurity Fix(es):\r\n\r\nThe html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in