Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-0804 (GCVE-0-2019-0804)
Vulnerability from cvelistv5 – Published: 2019-04-09 02:32 – Updated: 2024-08-04 17:58
VLAI
EPSS
Summary
An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2019:1527 | vendor-advisoryx_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2019-03-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804"
},
{
"name": "RHSA-2019:1527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1527"
},
{
"name": "openSUSE-SU-2020:0261",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Azure",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "multiple"
}
]
}
],
"datePublic": "2019-03-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka \u0027Azure Linux Agent Information Disclosure Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-01T00:06:05.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804"
},
{
"name": "RHSA-2019:1527",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1527"
},
{
"name": "openSUSE-SU-2020:0261",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure",
"version": {
"version_data": [
{
"version_value": "multiple"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka \u0027Azure Linux Agent Information Disclosure Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804"
},
{
"name": "RHSA-2019:1527",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1527"
},
{
"name": "openSUSE-SU-2020:0261",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0804",
"datePublished": "2019-04-09T02:32:46.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:58:59.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-0804",
"date": "2026-05-29",
"epss": "0.03688",
"percentile": "0.88132"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:walinuxagent:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.2.38\", \"matchCriteriaId\": \"685B4D91-B775-4004-8A40-4239687F7B88\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka \u0027Azure Linux Agent Information Disclosure Vulnerability\u0027.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de divulgaci\\u00f3n de informaci\\u00f3n en la manera en que Azure WaLinuxAgent crea archivos de intercambio en discos de recursos, tambi\\u00e9n se conoce como \\\"Azure Linux Agent Information Disclosure Vulnerability\\\".\"}]",
"id": "CVE-2019-0804",
"lastModified": "2024-11-21T04:17:18.673",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-04-09T03:29:00.843",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1527\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Mitigation\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1527\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-0804\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2019-04-09T03:29:00.843\",\"lastModified\":\"2024-11-21T04:17:18.673\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka \u0027Azure Linux Agent Information Disclosure Vulnerability\u0027.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la manera en que Azure WaLinuxAgent crea archivos de intercambio en discos de recursos, tambi\u00e9n se conoce como \\\"Azure Linux Agent Information Disclosure Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:walinuxagent:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.38\",\"matchCriteriaId\":\"685B4D91-B775-4004-8A40-4239687F7B88\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1527\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1527\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2019-AVI-160
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code à distance et une usurpation d'identité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2019 | ||
| Microsoft | N/A | ChakraCore | ||
| Microsoft | N/A | Team Foundation Server 2018 Update 3.2 | ||
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 22 | ||
| Microsoft | Azure | Azure DevOps Server 2019 | ||
| Microsoft | N/A | Team Foundation Server 2017 Update 3.1 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 1 | ||
| Microsoft | N/A | Microsoft Exchange Server 2010 Service Pack 3 | ||
| Microsoft | N/A | Team Foundation Server 2018 Updated 1.2 | ||
| Microsoft | N/A | Open Enclave SDK | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 12 | ||
| Microsoft | Azure | Azure Linux Guest Agent | ||
| Microsoft | N/A | Team Foundation Server 2015 Update 4.2 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 11 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2019",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ChakraCore",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Update 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 22",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2017 Update 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2010 Service Pack 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Updated 1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Open Enclave SDK",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Linux Guest Agent",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2015 Update 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0829",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0829"
},
{
"name": "CVE-2019-0858",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0858"
},
{
"name": "CVE-2019-0874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0874"
},
{
"name": "CVE-2019-0867",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0867"
},
{
"name": "CVE-2019-0806",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0806"
},
{
"name": "CVE-2019-0810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0810"
},
{
"name": "CVE-2019-0817",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0817"
},
{
"name": "CVE-2019-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0861"
},
{
"name": "CVE-2019-0866",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0866"
},
{
"name": "CVE-2019-0868",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0868"
},
{
"name": "CVE-2019-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0876"
},
{
"name": "CVE-2019-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0804"
},
{
"name": "CVE-2019-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0739"
},
{
"name": "CVE-2019-0870",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0870"
},
{
"name": "CVE-2019-0875",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0875"
},
{
"name": "CVE-2019-0869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0869"
},
{
"name": "CVE-2019-0857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0857"
},
{
"name": "CVE-2019-0871",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0871"
},
{
"name": "CVE-2019-0860",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0860"
},
{
"name": "CVE-2019-0812",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0812"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-160",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance et une\nusurpation d\u0027identit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 avril 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CERTFR-2019-AVI-160
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code à distance et une usurpation d'identité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2019 | ||
| Microsoft | N/A | ChakraCore | ||
| Microsoft | N/A | Team Foundation Server 2018 Update 3.2 | ||
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 22 | ||
| Microsoft | Azure | Azure DevOps Server 2019 | ||
| Microsoft | N/A | Team Foundation Server 2017 Update 3.1 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 1 | ||
| Microsoft | N/A | Microsoft Exchange Server 2010 Service Pack 3 | ||
| Microsoft | N/A | Team Foundation Server 2018 Updated 1.2 | ||
| Microsoft | N/A | Open Enclave SDK | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 12 | ||
| Microsoft | Azure | Azure Linux Guest Agent | ||
| Microsoft | N/A | Team Foundation Server 2015 Update 4.2 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 11 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2019",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "ChakraCore",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Update 3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 22",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure DevOps Server 2019",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2017 Update 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2010 Service Pack 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2018 Updated 1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Open Enclave SDK",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Linux Guest Agent",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Team Foundation Server 2015 Update 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0829",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0829"
},
{
"name": "CVE-2019-0858",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0858"
},
{
"name": "CVE-2019-0874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0874"
},
{
"name": "CVE-2019-0867",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0867"
},
{
"name": "CVE-2019-0806",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0806"
},
{
"name": "CVE-2019-0810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0810"
},
{
"name": "CVE-2019-0817",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0817"
},
{
"name": "CVE-2019-0861",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0861"
},
{
"name": "CVE-2019-0866",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0866"
},
{
"name": "CVE-2019-0868",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0868"
},
{
"name": "CVE-2019-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0876"
},
{
"name": "CVE-2019-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0804"
},
{
"name": "CVE-2019-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0739"
},
{
"name": "CVE-2019-0870",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0870"
},
{
"name": "CVE-2019-0875",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0875"
},
{
"name": "CVE-2019-0869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0869"
},
{
"name": "CVE-2019-0857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0857"
},
{
"name": "CVE-2019-0871",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0871"
},
{
"name": "CVE-2019-0860",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0860"
},
{
"name": "CVE-2019-0812",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0812"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-160",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance et une\nusurpation d\u0027identit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 avril 2019",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
Title
Уязвимость программного обеспечения для взаимодействия виртуальных машин Linux и FreeBSD с контроллером структуры Azure Windows Azure Linux Agent, связанная с неправильным назначением разрешений для файлов подкачки, позволяющая нарушителю получить несанкционированный доступ к информации
Description
Уязвимость программного обеспечения для взаимодействия виртуальных машин Linux и FreeBSD с контроллером структуры Azure Windows Azure Linux Agent связана с неправильным назначением разрешений для файлов подкачки. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к информации путем чтения файлов подкачки произвольным пользователем
Severity
Vendor
Сообщество свободного программного обеспечения, Microsoft Corp
Software Name
Debian GNU/Linux, Windows Azure Linux Agent
Software Version
9 (Debian GNU/Linux), до 2.2.38 (Windows Azure Linux Agent), 8 (Debian GNU/Linux)
Possible Mitigations
Для Windows Azure Linux Agent:
Обновление программного обеспечения до 2.2.34 или более поздней версии
Для Debian:
Обновление программного обеспечения (пакета waagent) до 2.2.18-3~deb9u2 или более поздней версии
Reference
https://bugzilla.redhat.com/show_bug.cgi?id=1684181
https://access.redhat.com/security/cve/cve-2019-0804
https://security-tracker.debian.org/tracker/CVE-2019-0804
CWE
CWE-732
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), \u0434\u043e 2.2.38 (Windows Azure Linux Agent), 8 (Debian GNU/Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Windows Azure Linux Agent:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 2.2.34 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 waagent) \u0434\u043e 2.2.18-3~deb9u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.02.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.04.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01545",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-0804",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Windows Azure Linux Agent",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d Linux \u0438 FreeBSD \u0441 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u043c \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b Azure Windows Azure Linux Agent, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u0444\u0430\u0439\u043b\u043e\u0432 \u043f\u043e\u0434\u043a\u0430\u0447\u043a\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u0438\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (CWE-732)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d Linux \u0438 FreeBSD \u0441 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u043c \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b Azure Windows Azure Linux Agent \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u0444\u0430\u0439\u043b\u043e\u0432 \u043f\u043e\u0434\u043a\u0430\u0447\u043a\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u0443\u0442\u0435\u043c \u0447\u0442\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432 \u043f\u043e\u0434\u043a\u0430\u0447\u043a\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.redhat.com/show_bug.cgi?id=1684181\nhttps://access.redhat.com/security/cve/cve-2019-0804\nhttps://security-tracker.debian.org/tracker/CVE-2019-0804",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-732",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,7)"
}
Title
WALinuxAgent信息泄露漏洞
Description
WALinuxAgent中存在安全漏洞,该漏洞源于程序所创建的swap文件带有不正确的权限。本地攻击者可利用该漏洞从swap文件中获取敏感信息。
Severity
低
Patch Name
WALinuxAgent信息泄露漏洞的补丁
Patch Description
WALinuxAgent中存在安全漏洞,该漏洞源于程序所创建的swap文件带有不正确的权限。本地攻击者可利用该漏洞从swap文件中获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布新版本,以修复此安全问题,详情请关注厂商主页: https://github.com/Azure/WALinuxAgent
Reference
https://www.debian.org/security/2019/dsa-4406
https://packetstormsecurity.com/files/152063/Ubuntu-Security-Notice-USN-3907-1.html
Impacted products
| Name | ['Canonical Ltd. Ubuntu 18.10', 'Canonical Ltd. Ubuntu 18.04 LTS', 'Canonical Ltd. Ubuntu 16.04 LTS', 'Canonical Ltd. Ubuntu 14.04 LTS', 'WALinuxAgent WALinuxAgent'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-0804"
}
},
"description": "WALinuxAgent\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u6240\u521b\u5efa\u7684swap\u6587\u4ef6\u5e26\u6709\u4e0d\u6b63\u786e\u7684\u6743\u9650\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4eceswap\u6587\u4ef6\u4e2d\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "unknwon",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u65b0\u7248\u672c\uff0c\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://github.com/Azure/WALinuxAgent",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-07335",
"openTime": "2019-03-16",
"patchDescription": "WALinuxAgent\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u6240\u521b\u5efa\u7684swap\u6587\u4ef6\u5e26\u6709\u4e0d\u6b63\u786e\u7684\u6743\u9650\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4eceswap\u6587\u4ef6\u4e2d\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "WALinuxAgent\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Canonical Ltd. Ubuntu 18.10",
"Canonical Ltd. Ubuntu 18.04 LTS",
"Canonical Ltd. Ubuntu 16.04 LTS",
"Canonical Ltd. Ubuntu 14.04 LTS",
"WALinuxAgent WALinuxAgent"
]
},
"referenceLink": "https://www.debian.org/security/2019/dsa-4406\r\nhttps://packetstormsecurity.com/files/152063/Ubuntu-Security-Notice-USN-3907-1.html",
"serverity": "\u4f4e",
"submitTime": "2019-03-13",
"title": "WALinuxAgent\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
FKIE_CVE-2019-0804
Vulnerability from fkie_nvd - Published: 2019-04-09 03:29 - Updated: 2024-11-21 04:17
Severity
Summary
An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | walinuxagent | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:walinuxagent:*:*:*:*:*:*:*:*",
"matchCriteriaId": "685B4D91-B775-4004-8A40-4239687F7B88",
"versionEndExcluding": "2.2.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka \u0027Azure Linux Agent Information Disclosure Vulnerability\u0027."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la manera en que Azure WaLinuxAgent crea archivos de intercambio en discos de recursos, tambi\u00e9n se conoce como \"Azure Linux Agent Information Disclosure Vulnerability\"."
}
],
"id": "CVE-2019-0804",
"lastModified": "2024-11-21T04:17:18.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-09T03:29:00.843",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html"
},
{
"source": "secure@microsoft.com",
"url": "https://access.redhat.com/errata/RHSA-2019:1527"
},
{
"source": "secure@microsoft.com",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:1527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-WCCR-WH3M-8Q5C
Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21
VLAI
Details
An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'.
Severity
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-0804"
],
"database_specific": {
"cwe_ids": [
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-09T03:29:00Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka \u0027Azure Linux Agent Information Disclosure Vulnerability\u0027.",
"id": "GHSA-wccr-wh3m-8q5c",
"modified": "2022-05-13T01:21:36Z",
"published": "2022-05-13T01:21:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0804"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1527"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2019-0804
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-0804",
"description": "An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka \u0027Azure Linux Agent Information Disclosure Vulnerability\u0027.",
"id": "GSD-2019-0804",
"references": [
"https://www.suse.com/security/cve/CVE-2019-0804.html",
"https://www.debian.org/security/2019/dsa-4406",
"https://access.redhat.com/errata/RHSA-2019:1527",
"https://ubuntu.com/security/CVE-2019-0804",
"https://linux.oracle.com/cve/CVE-2019-0804.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-0804"
],
"details": "An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka \u0027Azure Linux Agent Information Disclosure Vulnerability\u0027.",
"id": "GSD-2019-0804",
"modified": "2023-12-13T01:23:39.661672Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure",
"version": {
"version_data": [
{
"version_value": "multiple"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka \u0027Azure Linux Agent Information Disclosure Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804"
},
{
"name": "RHSA-2019:1527",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1527"
},
{
"name": "openSUSE-SU-2020:0261",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:walinuxagent:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.38",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0804"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka \u0027Azure Linux Agent Information Disclosure Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804",
"refsource": "CONFIRM",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804"
},
{
"name": "RHSA-2019:1527",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2019:1527"
},
{
"name": "openSUSE-SU-2020:0261",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00037.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-08-24T17:37Z",
"publishedDate": "2019-04-09T03:29Z"
}
}
}
OPENSUSE-SU-2019:1106-1
Vulnerability from csaf_opensuse - Published: 2019-04-02 11:00 - Updated: 2019-04-02 11:00Summary
Security update for python-azure-agent
Severity
Important
Notes
Title of the patch: Security update for python-azure-agent
Description of the patch: This update for python-azure-agent fixes the following issues:
- CVE-2019-0804: An issue with swapfile handling in the agent created a data leak situation that exposes system memory data. (bsc#1127838)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames: openSUSE-2019-1106
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.0:python-azure-agent-2.2.36-lp150.5.10.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.0:python-azure-agent-test-2.2.36-lp150.5.10.1.noarch | — |
Vendor Fix
|
Threats
Impact
low
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-azure-agent",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-azure-agent fixes the following issues:\n\n- CVE-2019-0804: An issue with swapfile handling in the agent created a data leak situation that exposes system memory data. (bsc#1127838)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1106",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1106-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1106-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IVVRHSJEIAKPRMRYUNEMTIHGMUIYZEMP/#IVVRHSJEIAKPRMRYUNEMTIHGMUIYZEMP"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1106-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IVVRHSJEIAKPRMRYUNEMTIHGMUIYZEMP/#IVVRHSJEIAKPRMRYUNEMTIHGMUIYZEMP"
},
{
"category": "self",
"summary": "SUSE Bug 1127838",
"url": "https://bugzilla.suse.com/1127838"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-0804 page",
"url": "https://www.suse.com/security/cve/CVE-2019-0804/"
}
],
"title": "Security update for python-azure-agent",
"tracking": {
"current_release_date": "2019-04-02T11:00:03Z",
"generator": {
"date": "2019-04-02T11:00:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1106-1",
"initial_release_date": "2019-04-02T11:00:03Z",
"revision_history": [
{
"date": "2019-04-02T11:00:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-azure-agent-2.2.36-lp150.5.10.1.noarch",
"product": {
"name": "python-azure-agent-2.2.36-lp150.5.10.1.noarch",
"product_id": "python-azure-agent-2.2.36-lp150.5.10.1.noarch"
}
},
{
"category": "product_version",
"name": "python-azure-agent-test-2.2.36-lp150.5.10.1.noarch",
"product": {
"name": "python-azure-agent-test-2.2.36-lp150.5.10.1.noarch",
"product_id": "python-azure-agent-test-2.2.36-lp150.5.10.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-azure-agent-2.2.36-lp150.5.10.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-azure-agent-2.2.36-lp150.5.10.1.noarch"
},
"product_reference": "python-azure-agent-2.2.36-lp150.5.10.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-azure-agent-test-2.2.36-lp150.5.10.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:python-azure-agent-test-2.2.36-lp150.5.10.1.noarch"
},
"product_reference": "python-azure-agent-test-2.2.36-lp150.5.10.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-0804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-0804"
}
],
"notes": [
{
"category": "general",
"text": "An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka \u0027Azure Linux Agent Information Disclosure Vulnerability\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:python-azure-agent-2.2.36-lp150.5.10.1.noarch",
"openSUSE Leap 15.0:python-azure-agent-test-2.2.36-lp150.5.10.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-0804",
"url": "https://www.suse.com/security/cve/CVE-2019-0804"
},
{
"category": "external",
"summary": "SUSE Bug 1127838 for CVE-2019-0804",
"url": "https://bugzilla.suse.com/1127838"
},
{
"category": "external",
"summary": "SUSE Bug 1152980 for CVE-2019-0804",
"url": "https://bugzilla.suse.com/1152980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:python-azure-agent-2.2.36-lp150.5.10.1.noarch",
"openSUSE Leap 15.0:python-azure-agent-test-2.2.36-lp150.5.10.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:python-azure-agent-2.2.36-lp150.5.10.1.noarch",
"openSUSE Leap 15.0:python-azure-agent-test-2.2.36-lp150.5.10.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-02T11:00:03Z",
"details": "low"
}
],
"title": "CVE-2019-0804"
}
]
}
OPENSUSE-SU-2020:0261-1
Vulnerability from csaf_opensuse - Published: 2020-02-29 17:14 - Updated: 2020-02-29 17:14Summary
Security update for python-azure-agent
Severity
Moderate
Notes
Title of the patch: Security update for python-azure-agent
Description of the patch: This update for python-azure-agent fixes the following issues:
python-azure-agent was updated to version 2.2.45 (jsc#ECO-80)
+ Add support for Gen2 VM resource disks
+ Use alternate systemd detection
+ Fix /proc/net/route requirement that causes errors on FreeBSD
+ Add cloud-init auto-detect to prevent multiple provisioning mechanisms
from relying on configuration for coordination
+ Disable cgroups when daemon is setup incorrectly
+ Remove upgrade extension loop for the same goal state
+ Add container id for extension telemetry events
+ Be more exact when detecting IMDS service health
+ Changing add_event to start sending missing fields
From 2.2.44 update:
+ Remove outdated extension ZIP packages
+ Improved error handling when starting extensions using systemd
+ Reduce provisioning time of some custom images
+ Improve the handling of extension download errors
+ New API for extension authors to handle errors during extension update
+ Fix handling of errors in calls to openssl
+ Improve logic to determine current distro
+ Reduce verbosity of several logging statements
From 2.2.42 update:
+ Poll for artifact blob, addresses goal state procesing issue
From 2.2.41 update:
+ Rewriting the mechanism to start the extension using systemd-run for
systems using systemd for managing
+ Refactoring of resource monitoring framework using cgroup for both
systemd and non-systemd approaches [#1530, #1534]
+ Telemetry pipeline for resource monitoring data
From 2.2.40 update:
+ Fixed tracking of memory/cpu usage
+ Do not prevent extensions from running if setting up cgroups fails
+ Enable systemd-aware deprovisioning on all versions >= 18.04
+ Add systemd support for Debian Jessie, Stretch, and Buster
+ Support for Linux Openwrt
From 2.2.38 update:
Security issue fixed:
+ CVE-2019-0804: An issue with swapfile handling in the agent creates
a data leak situation that exposes system memory data. (bsc#1127838)
+ Add fixes for handling swap file and other nit fixes
From 2.2.37 update:
+ Improves re-try logic to handle errors while downloading extensions
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames: openSUSE-2020-261
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:python-azure-agent-2.2.45-lp151.2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:python-azure-agent-test-2.2.45-lp151.2.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
low
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-azure-agent",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-azure-agent fixes the following issues:\n\npython-azure-agent was updated to version 2.2.45 (jsc#ECO-80)\n\n+ Add support for Gen2 VM resource disks\n+ Use alternate systemd detection\n+ Fix /proc/net/route requirement that causes errors on FreeBSD\n+ Add cloud-init auto-detect to prevent multiple provisioning mechanisms\n from relying on configuration for coordination\n+ Disable cgroups when daemon is setup incorrectly\n+ Remove upgrade extension loop for the same goal state\n+ Add container id for extension telemetry events\n+ Be more exact when detecting IMDS service health\n+ Changing add_event to start sending missing fields\n\nFrom 2.2.44 update:\n\n+ Remove outdated extension ZIP packages\n+ Improved error handling when starting extensions using systemd\n+ Reduce provisioning time of some custom images\n+ Improve the handling of extension download errors\n+ New API for extension authors to handle errors during extension update\n+ Fix handling of errors in calls to openssl\n+ Improve logic to determine current distro\n+ Reduce verbosity of several logging statements\n\nFrom 2.2.42 update:\n\n+ Poll for artifact blob, addresses goal state procesing issue\n\nFrom 2.2.41 update:\n\n+ Rewriting the mechanism to start the extension using systemd-run for\n systems using systemd for managing\n+ Refactoring of resource monitoring framework using cgroup for both\n systemd and non-systemd approaches [#1530, #1534]\n+ Telemetry pipeline for resource monitoring data\n\nFrom 2.2.40 update:\n\n+ Fixed tracking of memory/cpu usage\n+ Do not prevent extensions from running if setting up cgroups fails\n+ Enable systemd-aware deprovisioning on all versions \u003e= 18.04\n+ Add systemd support for Debian Jessie, Stretch, and Buster\n+ Support for Linux Openwrt\n\nFrom 2.2.38 update:\n\nSecurity issue fixed:\n+ CVE-2019-0804: An issue with swapfile handling in the agent creates\n a data leak situation that exposes system memory data. (bsc#1127838)\n+ Add fixes for handling swap file and other nit fixes\n\nFrom 2.2.37 update:\n+ Improves re-try logic to handle errors while downloading extensions\n\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-261",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0261-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0261-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SHKGZ5ZRZX2UW3S2O7UNPYI7CRK4C5TE/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0261-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SHKGZ5ZRZX2UW3S2O7UNPYI7CRK4C5TE/"
},
{
"category": "self",
"summary": "SUSE Bug 1127838",
"url": "https://bugzilla.suse.com/1127838"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-0804 page",
"url": "https://www.suse.com/security/cve/CVE-2019-0804/"
}
],
"title": "Security update for python-azure-agent",
"tracking": {
"current_release_date": "2020-02-29T17:14:01Z",
"generator": {
"date": "2020-02-29T17:14:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0261-1",
"initial_release_date": "2020-02-29T17:14:01Z",
"revision_history": [
{
"date": "2020-02-29T17:14:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-azure-agent-2.2.45-lp151.2.3.1.noarch",
"product": {
"name": "python-azure-agent-2.2.45-lp151.2.3.1.noarch",
"product_id": "python-azure-agent-2.2.45-lp151.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-azure-agent-test-2.2.45-lp151.2.3.1.noarch",
"product": {
"name": "python-azure-agent-test-2.2.45-lp151.2.3.1.noarch",
"product_id": "python-azure-agent-test-2.2.45-lp151.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-azure-agent-2.2.45-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-azure-agent-2.2.45-lp151.2.3.1.noarch"
},
"product_reference": "python-azure-agent-2.2.45-lp151.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-azure-agent-test-2.2.45-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:python-azure-agent-test-2.2.45-lp151.2.3.1.noarch"
},
"product_reference": "python-azure-agent-test-2.2.45-lp151.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-0804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-0804"
}
],
"notes": [
{
"category": "general",
"text": "An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka \u0027Azure Linux Agent Information Disclosure Vulnerability\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:python-azure-agent-2.2.45-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:python-azure-agent-test-2.2.45-lp151.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-0804",
"url": "https://www.suse.com/security/cve/CVE-2019-0804"
},
{
"category": "external",
"summary": "SUSE Bug 1127838 for CVE-2019-0804",
"url": "https://bugzilla.suse.com/1127838"
},
{
"category": "external",
"summary": "SUSE Bug 1152980 for CVE-2019-0804",
"url": "https://bugzilla.suse.com/1152980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:python-azure-agent-2.2.45-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:python-azure-agent-test-2.2.45-lp151.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:python-azure-agent-2.2.45-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:python-azure-agent-test-2.2.45-lp151.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-02-29T17:14:01Z",
"details": "low"
}
],
"title": "CVE-2019-0804"
}
]
}
OPENSUSE-SU-2024:11217-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
python-azure-agent-2.2.49.2-4.5 on GA media
Severity
Moderate
Notes
Title of the patch: python-azure-agent-2.2.49.2-4.5 on GA media
Description of the patch: These are all security issues fixed in the python-azure-agent-2.2.49.2-4.5 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11217
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
References
6 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2019-0804/ | self |
| https://www.suse.com/security/cve/CVE-2019-0804 | external |
| https://bugzilla.suse.com/1127838 | external |
| https://bugzilla.suse.com/1152980 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python-azure-agent-2.2.49.2-4.5 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python-azure-agent-2.2.49.2-4.5 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11217",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11217-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-0804 page",
"url": "https://www.suse.com/security/cve/CVE-2019-0804/"
}
],
"title": "python-azure-agent-2.2.49.2-4.5 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11217-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-azure-agent-2.2.49.2-4.5.aarch64",
"product": {
"name": "python-azure-agent-2.2.49.2-4.5.aarch64",
"product_id": "python-azure-agent-2.2.49.2-4.5.aarch64"
}
},
{
"category": "product_version",
"name": "python-azure-agent-test-2.2.49.2-4.5.aarch64",
"product": {
"name": "python-azure-agent-test-2.2.49.2-4.5.aarch64",
"product_id": "python-azure-agent-test-2.2.49.2-4.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-azure-agent-2.2.49.2-4.5.ppc64le",
"product": {
"name": "python-azure-agent-2.2.49.2-4.5.ppc64le",
"product_id": "python-azure-agent-2.2.49.2-4.5.ppc64le"
}
},
{
"category": "product_version",
"name": "python-azure-agent-test-2.2.49.2-4.5.ppc64le",
"product": {
"name": "python-azure-agent-test-2.2.49.2-4.5.ppc64le",
"product_id": "python-azure-agent-test-2.2.49.2-4.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-azure-agent-2.2.49.2-4.5.s390x",
"product": {
"name": "python-azure-agent-2.2.49.2-4.5.s390x",
"product_id": "python-azure-agent-2.2.49.2-4.5.s390x"
}
},
{
"category": "product_version",
"name": "python-azure-agent-test-2.2.49.2-4.5.s390x",
"product": {
"name": "python-azure-agent-test-2.2.49.2-4.5.s390x",
"product_id": "python-azure-agent-test-2.2.49.2-4.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-azure-agent-2.2.49.2-4.5.x86_64",
"product": {
"name": "python-azure-agent-2.2.49.2-4.5.x86_64",
"product_id": "python-azure-agent-2.2.49.2-4.5.x86_64"
}
},
{
"category": "product_version",
"name": "python-azure-agent-test-2.2.49.2-4.5.x86_64",
"product": {
"name": "python-azure-agent-test-2.2.49.2-4.5.x86_64",
"product_id": "python-azure-agent-test-2.2.49.2-4.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-azure-agent-2.2.49.2-4.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.aarch64"
},
"product_reference": "python-azure-agent-2.2.49.2-4.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-azure-agent-2.2.49.2-4.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.ppc64le"
},
"product_reference": "python-azure-agent-2.2.49.2-4.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-azure-agent-2.2.49.2-4.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.s390x"
},
"product_reference": "python-azure-agent-2.2.49.2-4.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-azure-agent-2.2.49.2-4.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.x86_64"
},
"product_reference": "python-azure-agent-2.2.49.2-4.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-azure-agent-test-2.2.49.2-4.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.aarch64"
},
"product_reference": "python-azure-agent-test-2.2.49.2-4.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-azure-agent-test-2.2.49.2-4.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.ppc64le"
},
"product_reference": "python-azure-agent-test-2.2.49.2-4.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-azure-agent-test-2.2.49.2-4.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.s390x"
},
"product_reference": "python-azure-agent-test-2.2.49.2-4.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-azure-agent-test-2.2.49.2-4.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.x86_64"
},
"product_reference": "python-azure-agent-test-2.2.49.2-4.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-0804",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-0804"
}
],
"notes": [
{
"category": "general",
"text": "An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka \u0027Azure Linux Agent Information Disclosure Vulnerability\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.aarch64",
"openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.ppc64le",
"openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.s390x",
"openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.x86_64",
"openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.aarch64",
"openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.ppc64le",
"openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.s390x",
"openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-0804",
"url": "https://www.suse.com/security/cve/CVE-2019-0804"
},
{
"category": "external",
"summary": "SUSE Bug 1127838 for CVE-2019-0804",
"url": "https://bugzilla.suse.com/1127838"
},
{
"category": "external",
"summary": "SUSE Bug 1152980 for CVE-2019-0804",
"url": "https://bugzilla.suse.com/1152980"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.aarch64",
"openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.ppc64le",
"openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.s390x",
"openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.x86_64",
"openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.aarch64",
"openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.ppc64le",
"openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.s390x",
"openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.aarch64",
"openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.ppc64le",
"openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.s390x",
"openSUSE Tumbleweed:python-azure-agent-2.2.49.2-4.5.x86_64",
"openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.aarch64",
"openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.ppc64le",
"openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.s390x",
"openSUSE Tumbleweed:python-azure-agent-test-2.2.49.2-4.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-0804"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…