guix_mirror_bot pushed a commit to branch master
in repository guix.
commit d431f4620a4c077383e1168f932e86c99ae33834
Author: Nicolas Graves <[email protected]>
AuthorDate: Tue Aug 26 13:17:16 2025 +0200
cve: Upgrade to JSON 2.0 feeds.
Fixes guix/guix#2213. The 1.1-formatted-data is no longer available
from NIST.
* guix/cve.scm (string->date*, <cve-item>,
reference-data->cve-configuration, cpe-match->cve-configuration,
configuration-data->cve-configurations, json->cve-items,
yearly-feed-uri, cve-item->vulnerability): Upgrade to JSON 2.0 feeds
schema.
(<cve>): Remove unneeded record.
* tests/cve-sample.json: Update them. Remove CVE-2019-0005 (no value
added, lots of lines).
* tests/cve.scm (%expected-vulnerabilities): Upgrade accordingly.
(json->cve-items, vulnerabilities->lookup-proc tests): Update accordingly.
Signed-off-by: Ludovic Courtès <[email protected]>
---
guix/cve.scm | 105 +-
tests/cve-sample.json | 2951 ++++++++++++++++++++++++++++---------------------
tests/cve.scm | 67 +-
3 files changed, 1767 insertions(+), 1356 deletions(-)
diff --git a/guix/cve.scm b/guix/cve.scm
index 6a6d8406bf..8dc293e85d 100644
--- a/guix/cve.scm
+++ b/guix/cve.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès
<[email protected]>
+;;; Copyright © 2015-2021 Ludovic Courtès <[email protected]>
+;;; Copyright © 2025 Nicolas Graves <[email protected]>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -36,17 +37,11 @@
#:export (json->cve-items
cve-item?
- cve-item-cve
+ cve-item-id
cve-item-configurations
cve-item-published-date
cve-item-last-modified-date
- cve?
- cve-id
- cve-data-type
- cve-data-format
- cve-references
-
cve-reference?
cve-reference-url
cve-reference-tags
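Review bot: The export list still carries `cve-reference?`, `cve-reference-url` and `cve-reference-tags`, but with the `<cve>` record and `reference-data->cve-references` removed by this commit, nothing in the visible hunks produces a `<cve-reference>` any more, so these look like dead exports. Either map the 2.0 "references" array onto a field of `<cve-item>` through `json->cve-reference`, or drop the record together with its exports. Removing `cve-item-cve`, `cve?`, `cve-id`, `cve-data-type`, `cve-data-format` and `cve-references` also changes the module's public interface, so callers outside the three files touched here are worth a grep. The `#:export` form continues outside this hunk.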
@@ -68,28 +63,17 @@
;;; Code:
(define (string->date* str)
- (string->date str "~Y-~m-~dT~H:~M~z"))
+ (string->date str "~Y-~m-~dT~H:~M:~S"))
(define-json-mapping <cve-item> cve-item cve-item?
json->cve-item
- (cve cve-item-cve "cve" json->cve) ;<cve>
- (configurations cve-item-configurations ;list of sexps
+ (id cve-item-id "id") ;string
+ (configurations cve-item-configurations ;list of sexps
"configurations" configuration-data->cve-configurations)
(published-date cve-item-published-date
- "publishedDate" string->date*)
+ "published" string->date*)
(last-modified-date cve-item-last-modified-date
- "lastModifiedDate" string->date*))
-
-(define-json-mapping <cve> cve cve?
- json->cve
- (id cve-id "CVE_data_meta" ;string
- (cut assoc-ref <> "ID"))
- (data-type cve-data-type ;'CVE
- "data_type" string->symbol)
- (data-format cve-data-format ;'MITRE
- "data_format" string->symbol)
- (references cve-references ;list of <cve-reference>
- "references" reference-data->cve-references))
+ "lastModified" string->date*))
(define-json-mapping <cve-reference> cve-reference cve-reference?
json->cve-reference
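Review bot: `string->date*` now uses the template `"~Y-~m-~dT~H:~M:~S"`, which has no zone directive, so the zone offset of the resulting date no longer comes from the feed. As far as I know, Guile's SRFI-19 `string->date` then fills in the host's local offset, which would make `cve-item-published-date` and `cve-item-last-modified-date` (and any test comparing them) depend on the machine's time zone. The 2.0 timestamps in the updated sample also carry a fractional part (`2019-01-15T21:29:00.760`) that `~S` leaves unread. If the feed's timestamps are meant as UTC, that should be made explicit in the code; at minimum a comment such as `;; NVD 2.0 timestamps have no zone suffix; fractional seconds are ignored.` would document the behaviour.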
@@ -97,12 +81,6 @@
(tags cve-reference-tags ;list of strings
"tags" vector->list))
-(define (reference-data->cve-references alist)
- (map json->cve-reference
- ;; Normally "reference_data" is always present but rejected CVEs such
- ;; as CVE-2020-10020 can lack it.
- (vector->list (or (assoc-ref alist "reference_data") '#()))))
-
(define %cpe-package-rx
;; For applications: "cpe:2.3:a:VENDOR:PACKAGE:VERSION", or sometimes
;; "cpe:2.3:a:VENDOR:PACKAGE:VERSION:PATCH-LEVEL".
@@ -132,15 +110,15 @@ Return three #f values if CPE does not look like an
application CPE string."
(values #f #f #f))))
(define (cpe-match->cve-configuration alist)
- "Convert ALIST, a \"cpe_match\" alist, into an sexp representing the package
+ "Convert ALIST, a \"cpeMatch\" alist, into an sexp representing the package
and versions matched. Return #f if ALIST doesn't correspond to an application
package."
- (let ((cpe (assoc-ref alist "cpe23Uri"))
+ (let ((cpe (assoc-ref alist "criteria"))
(starti (assoc-ref alist "versionStartIncluding"))
(starte (assoc-ref alist "versionStartExcluding"))
(endi (assoc-ref alist "versionEndIncluding"))
(ende (assoc-ref alist "versionEndExcluding")))
- ;; Normally "cpe23Uri" is here in each "cpe_match" item, but CVE-2020-0534
+ ;; Normally "criteria" is here in each "cpeMatch" item, but CVE-2020-0534
;; has a configuration that lacks it.
(and cpe
(let ((vendor package version (cpe->package-identifier cpe)))
@@ -156,7 +134,7 @@ package."
(ende `(< ,ende))
(else version))))))))
-(define (configuration-data->cve-configurations alist)
+(define (configuration-data->cve-configurations vector)
"Given ALIST, a JSON dictionary for the baroque \"configurations\"
element found in CVEs, return an sexp such as (\"binutils\" (<
\"2.31\")) that represents matching configurations."
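Review bot: The docstring of `configuration-data->cve-configurations` still says "Given ALIST, a JSON dictionary", while the parameter is now named `vector` and holds the 2.0 "configurations" array; it should read something like `"Given VECTOR, the JSON array for the \"configurations\" element found in CVEs, ..."`. Naming the parameter `vector` also shadows the core `vector` procedure inside the body. The helper added in the next hunk, `maybe-vector->alist`, repeats that name and returns a plain list rather than an alist; `configurations` and `maybe-vector->list` would read more accurately. The procedure body continues outside this hunk.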
@@ -165,10 +143,13 @@ element found in CVEs, return an sexp such as
(\"binutils\" (<
("OR" 'or)
("AND" 'and)))
+ (define (maybe-vector->alist vector)
+ (vector->list (or (and (unspecified? vector) #()) vector #())))
+
(define (node->configuration node)
(let ((operator (string->operator (assoc-ref node "operator"))))
(cond
- ((assoc-ref node "cpe_match")
+ ((assoc-ref node "cpeMatch")
=>
(lambda (matches)
(let ((matches (vector->list matches)))
@@ -187,28 +168,31 @@ element found in CVEs, return an sexp such as
(\"binutils\" (<
(else
#f))))
- (let ((nodes (vector->list (assoc-ref alist "nodes"))))
+ (let* ((alist (maybe-vector->alist vector))
+ (nodes (if (null? alist)
+ '()
+ (maybe-vector->alist (assoc-ref (car alist) "nodes")))))
(filter-map node->configuration nodes)))
(define (json->cve-items json)
"Parse JSON, an input port or a string, and return a list of <cve-item>
records."
- (let* ((alist (json->scm json))
- (type (assoc-ref alist "CVE_data_type"))
- (format (assoc-ref alist "CVE_data_format"))
- (version (assoc-ref alist "CVE_data_version")))
- (unless (equal? type "CVE")
- (raise (condition (&message
- (message "invalid CVE feed")))))
- (unless (equal? format "MITRE")
- (raise (formatted-message (G_ "unsupported CVE format: '~a'")
- format)))
- (unless (equal? version "4.0")
- (raise (formatted-message (G_ "unsupported CVE data version: '~a'")
- version)))
-
- (map json->cve-item
- (vector->list (assoc-ref alist "CVE_Items")))))
+ (let ((alist (json->scm json)))
+ (match (assoc-ref alist "format")
+ ("NVD_CVE"
+ #t)
+ (format
+ (raise (formatted-message (G_ "unsupported CVE format: '~a'")
+ format))))
+ (match (assoc-ref alist "version")
+ ("2.0"
+ #t)
+ (version
+ (raise (formatted-message (G_ "unsupported CVE data version: '~a'")
+ version))))
+
+ (map (compose json->cve-item (cut assoc-ref <> "cve"))
+ (vector->list (assoc-ref alist "vulnerabilities")))))
(define (version-matches? version sexp)
"Return true if VERSION, a string, matches SEXP."
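Review bot: In `configuration-data->cve-configurations`, the new `let*` reads nodes only from `(car alist)`, so every entry of the 2.0 "configurations" array after the first is dropped; the updated sample for CVE-2019-0001 already has several such entries, each with its own "nodes". For a vulnerability lookup this means affected packages listed in later entries would never be reported. Collecting nodes from all entries would avoid that, e.g. `(nodes (append-map (lambda (config) (maybe-vector->alist (assoc-ref config "nodes"))) alist))` (the file already uses `filter-map`, so SRFI-1 is presumably imported). Separately, `json->cve-items` in the same hunk passes `(assoc-ref alist "vulnerabilities")` straight to `vector->list`, so a feed without that key fails with a type error rather than a `formatted-message`.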
@@ -269,7 +253,7 @@ HIDDEN-VENDORS."
(define (yearly-feed-uri year)
"Return the URI for the CVE feed for YEAR."
(string->uri
- (string-append "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
+ (string-append "https://nvd.nist.gov/feeds/json/cve/2.0/nvdcve-2.0-"
(number->string year) ".json.gz")))
(define %current-year-ttl
@@ -352,14 +336,13 @@ matching versions."
"Return a <vulnerability> corresponding to ITEM, a <cve-item> record;
return #f if ITEM does not list any configuration or if it does not list
any \"a\" (application) configuration."
- (let ((id (cve-id (cve-item-cve item))))
- (match (cve-item-configurations item)
- (() ;no configurations
- #f)
- ((configs ...)
- (vulnerability id
- (merge-package-lists
- (map cve-configuration->package-list configs)))))))
+ (match (cve-item-configurations item)
+ (() ;no configurations
+ #f)
+ ((configs ...)
+ (vulnerability (cve-item-id item)
+ (merge-package-lists
+ (map cve-configuration->package-list configs))))))
(define (json->vulnerabilities json)
"Parse JSON, an input port or a string, and return the list of
diff --git a/tests/cve-sample.json b/tests/cve-sample.json
index 11b71817bb..bd7963cda5 100644
--- a/tests/cve-sample.json
+++ b/tests/cve-sample.json
@@ -1,1279 +1,1710 @@
{
- "CVE_data_type" : "CVE",
- "CVE_data_format" : "MITRE",
- "CVE_data_version" : "4.0",
- "CVE_data_numberOfCVEs" : "9826",
- "CVE_data_timestamp" : "2019-10-17T07:00Z",
- "CVE_Items" : [ {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2019-0001",
- "ASSIGNER" : "[email protected]"
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-400"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/106541",
- "name" : "106541",
- "refsource" : "BID",
- "tags" : [ "Third Party Advisory", "VDB Entry" ]
- }, {
- "url" : "https://kb.juniper.net/JSA10900",
- "name" : "https://kb.juniper.net/JSA10900",
- "refsource" : "CONFIRM",
- "tags" : [ "Vendor Advisory" ]
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Receipt of a malformed packet on MX Series devices with
dynamic vlan configuration can trigger an uncontrolled recursion loop in the
Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU
usage and a crash of the bbe-smgd service. Repeated receipt of the same packet
can result in an extended denial of service condition for the device. Affected
releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2
versions prior to 16.2R2 [...]
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:r1-s3:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:r1-s4:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "HIGH",
- "baseScore" : 5.9,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.2,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.1
+ "resultsPerPage": 6,
+ "startIndex": 0,
+ "totalResults": 6,
+ "format": "NVD_CVE",
+ "version": "2.0",
+ "timestamp": "2025-08-23T03:01:35.4173588",
+ "vulnerabilities": [
+ {
+ "cve": {
+ "id": "CVE-2019-0001",
+ "sourceIdentifier": "[email protected]",
+ "published": "2019-01-15T21:29:00.760",
+ "lastModified": "2024-11-21T04:16:01.113",
+ "vulnStatus": "Modified",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Receipt of a malformed packet on MX Series devices with
dynamic vlan configuration can trigger an uncontrolled recursion loop in the
Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU
usage and a crash of the bbe-smgd service. Repeated receipt of the same packet
can result in an extended denial of service condition for the device. Affected
releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2
versions prior to 16.2R [...]
+ },
+ {
+ "lang": "es",
+ "value": "La recepción de un paquete mal formado en dispositivos
MX Series con una configuración vlan dinámica puede desencadenar un bucle de
recursión no controlado en el demonio de gestión de suscriptores Broadband Edge
(bbe-smgd) y conducir a un alto uso de CPU y el cierre inesperado del servicio
bbe-smgd. La recepción repetida del mismo paquete puede resultar en una
condición de denegación de servicio (DoS) extendida para los dispositivos. Las
versiones afectadas son Juni [...]
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "[email protected]",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
+ "baseScore": 7.1,
+ "accessVector": "NETWORK",
+ "accessComplexity": "MEDIUM",
+ "authentication": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "COMPLETE"
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 8.6,
+ "impactScore": 6.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
},
- "severity" : "HIGH",
- "exploitabilityScore" : 8.6,
- "impactScore" : 6.9,
- "acInsufInfo" : false,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
+ "weaknesses": [
+ {
+ "source": "[email protected]",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-674"
+ }
+ ]
+ },
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-674"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "258A380C-1EA0-407D-B7E3-4A2E8820119C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "BBE35BDC-7739-4854-8BB8-E8600603DE9D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "2DC47132-9EEA-4518-8F86-5CD231FBFB61"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "CD5A30CE-9498-4007-8E66-FD0CC6CF1836"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*",
+ "matchCriteriaId": "07CD1E7C-24EA-46B7-964C-C78FF64AFAE6"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:16.1:r3-s11:*:*:*:*:*:*",
+ "matchCriteriaId": "8A457C57-4A36-433D-9473-5ABC091DF316"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*",
+ "matchCriteriaId": "6D3E38C1-808C-4BD3-993D-F30855F5390F"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:16.1:r4-s12:*:*:*:*:*:*",
+ "matchCriteriaId": "C2AF9C4B-23E6-485D-A115-2B728E929C6A"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:16.1:r4-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1FD11073-DC27-41F8-A6A2-7E22A062D14E"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:16.1:r4-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "2A78389E-868C-422D-9AA3-8A672DF6C2AF"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:16.1:r4-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "85BFC22F-A6B3-4306-A28B-5D78FFA6402D"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:16.1:r4-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "99276E50-825C-4BB4-8496-1F81BDA21655"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*",
+ "matchCriteriaId": "72194CB7-FFDC-4897-9D6E-EA3459DDDEB5"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:16.1:r5-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "C88635DB-09B1-4DA1-8FC3-2F7A7E42819C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*",
+ "matchCriteriaId": "92F35C19-5AD2-4F98-8313-2E880714DF3B"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:16.1:r6-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "DF5A9D31-ED7D-4390-B46D-7E46089DB932"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "90B94472-0E32-48AD-A690-AABB2C53CA58"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*",
+ "matchCriteriaId": "6B4A4960-0241-4BF4-8857-8B7BE33466B6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "9677CE18-B955-432F-BA2B-AAE3D0CA0F16"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3661BC68-6F32-447F-8D20-FD73FBBED9C6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "5B6097D4-3856-4696-9A26-5B6C0FD9AD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:16.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "84DD80BF-BF7E-447B-AA74-00B3D8036E36"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:16.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "57B89EEB-222D-46AA-BC8F-4EE7E17BA7B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:16.2:r2-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "ECAE613D-1317-4D2E-8A61-980CD5DEAED8"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:16.2:r2-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "BAB2D63C-C966-42CA-85A9-09820D00A2D8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "CC9B5CDE-3A50-4CD3-962A-FA0989939F37"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "7572C187-4D58-4E0D-A605-B2B13EFF5C6B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E34A149E-C2ED-4D86-A105-0A2775654AE7"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4E0D42C4-9B4D-44F9-BC84-E7994404598B"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "DE2C20D8-3C73-4B87-BA41-DBFBCA5FBA58"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.1:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54D887B4-D2F4-4537-8298-B98D01396F12"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.1:r2-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "1C1B5AE6-A323-4744-BCA1-25E46D2D27BB"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.1:r2-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "0AB39E2F-0D67-4FA6-84B8-36684E971002"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.1:r2-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "A32C3702-48DE-47CF-B0D1-3A629676AD03"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.1:r2-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "B9695B3E-FCDA-4DF0-B714-8B4F87AA647D"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.1:r2-s8:*:*:*:*:*:*",
+ "matchCriteriaId": "36214C23-82C8-4A3E-9FF8-04F85FF8B2B7"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.1:r2-s9:*:*:*:*:*:*",
+ "matchCriteriaId": "F3778643-1684-4549-A764-A1909C14B4B3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "BCEE8D9C-6D64-4A9B-A74A-57A0BF4086C6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E889BF9C-BDDF-4A6A-97BB-00A097EF6D91"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8BCF0612-AF16-4925-8E42-77734513F923"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "595987A6-D8CE-41ED-B51C-EF9CD3B47AD0"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.2:r1-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "7B5A2205-C40B-4746-9A23-1973433FF065"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.2:r1-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "CFA3526C-FF53-4823-B6AC-0BA91BFB532D"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.2:r1-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "AA92B7F8-705B-410F-BDA3-7C28FF51967F"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "9689695F-53EB-4B35-9072-750E7282B011"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.2:r1-s8:*:*:*:*:*:*",
+ "matchCriteriaId": "4F7CE683-5647-455B-936C-DF0D973A180A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7D45F2C3-20FF-4A91-A440-E109B3CCE7C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.2:r2-s11:*:*:*:*:*:*",
+ "matchCriteriaId": "BA433E05-83F8-410D-AEB3-3A02BAB0BE0B"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.2:r2-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "B87ECEAD-FD18-4252-8D46-F281DD4125AC"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.2:r2-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "C6788EE2-B0DA-470E-B72E-E8D5CCFB5259"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "A283D32F-1CAF-4A5A-83E1-585F2801771F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "38A40E03-F915-4888-87B0-5950F75F097D"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "C52E355B-DA7D-4FDE-B2D7-A3C3C9C99918"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "69FC46D4-39E2-4E2F-A1D3-1001769A7115"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "32F83E8B-A816-4F26-95F8-F0DA7F3DF426"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2C433359-BC8B-4E69-BE74-A31EB148083A"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "BCA2976C-C84B-40D9-A806-588629BFFB13"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "A2C7B980-033E-40AC-98C9-B252733B0F43"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "BA8D32E4-1892-46DC-9782-5466A14E18D9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*",
+ "matchCriteriaId": "D1CAEBD2-2E46-44B5-B1D1-1DDBD450FD27"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "A00CA6FB-8F28-4171-B510-8DBA351E80C0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "988D317A-0646-491F-9B97-853E8E208276"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "605F1AD7-5B09-44F0-9017-15AB3EEE559C"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDDCD30-2255-4FA9-B3E2-9E88AB6F8D80"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "4E4EB6B0-8DB2-4199-96E4-30195D49F756"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "204FC7B5-9CF2-4AC2-9B8D-DA48CAEA6496"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "9D8A8E33-473A-4A40-A7B7-47086BB9012A"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "F0F65DCA-34B9-4CE8-91C9-426AAAEB4097"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "A8B5BD93-3C11-45D5-ACF0-7C4C01106C8A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "167EEC4F-729E-47C2-B0F8-E8108CE3E985"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "A893CCE5-96B8-44A1-ABEF-6AB9B527B2FB"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "42203801-E2E7-4DCF-ABBB-D23A91B2A9FF"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "238EC996-8E8C-4332-916F-09E54E6EBB9D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://www.securityfocus.com/bid/106541",
+ "source": "[email protected]",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
+ },
+ {
+ "url": "https://kb.juniper.net/JSA10900",
+ "source": "[email protected]",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url":
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/",
+ "source": "[email protected]"
+ },
+ {
+ "url":
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/",
+ "source": "[email protected]"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/106541",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
+ },
+ {
+ "url": "https://kb.juniper.net/JSA10900",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url":
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ },
+ {
+ "url":
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ }
+ ]
}
},
- "publishedDate" : "2019-01-15T21:29Z",
- "lastModifiedDate" : "2019-10-09T23:43Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2019-0005",
- "ASSIGNER" : "[email protected]"
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-400"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/106665",
- "name" : "106665",
- "refsource" : "BID",
- "tags" : [ "Third Party Advisory" ]
- }, {
- "url" : "https://kb.juniper.net/JSA10905",
- "name" : "https://kb.juniper.net/JSA10905",
- "refsource" : "CONFIRM",
- "tags" : [ "Vendor Advisory" ]
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "On EX2300, EX3400, EX4600, QFX3K and QFX5K series,
firewall filter configuration cannot perform packet matching on any IPv6
extension headers. This issue may allow IPv6 packets that should have been
blocked to be forwarded. IPv4 packet filtering is unaffected by this
vulnerability. Affected releases are Juniper Networks Junos OS on EX and QFX
series;: 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R7;
15.1X53 versions prior to 15.1X53-D234 on QFX52 [...]
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d30:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d40:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d42:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d43:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d44:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d45:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d46:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d210:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d230:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d234:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d55:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d57:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d58:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d59:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d590:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:gfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.1:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.1:r1:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.3,
- "baseSeverity" : "MEDIUM"
+ {
+ "cve": {
+ "id": "CVE-2019-1010204",
+ "sourceIdentifier": "[email protected]",
+ "published": "2019-07-23T14:15:13.373",
+ "lastModified": "2024-11-21T04:18:03.163",
+ "vulnStatus": "Modified",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GNU binutils gold gold v1.11-v1.16 (GNU binutils
v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned
Comparison, Out-of-bounds Read. The impact is: Denial of service. The component
is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An
ELF file with an invalid e_shoff header field must be opened."
+ },
+ {
+ "lang": "es",
+ "value": "GNU binutils gold gold v1.11-v1.16 (GNU binutils
v2.21-v2.31.1) está afectado por: Validación incorrecta de entrada, comparación
firmada / sin firmar, lectura fuera de límites. El impacto es: Denegación de
servicio. El componente es: gold / fileread.cc: 497, elfcpp / elfcpp_file.h:
644. El vector de ataque es: Se debe abrir un archivo ELF con un campo de
encabezado e_shoff no válido."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
+ "baseScore": 4.3,
+ "accessVector": "NETWORK",
+ "accessComplexity": "MEDIUM",
+ "authentication": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.6,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": true
+ }
+ ]
},
- "exploitabilityScore" : 3.9,
- "impactScore" : 1.4
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 10.0,
- "impactScore" : 2.9,
- "acInsufInfo" : false,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2019-01-15T21:29Z",
- "lastModifiedDate" : "2019-02-14T18:40Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2019-14811",
- "ASSIGNER" : "[email protected]"
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-264"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" :
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html",
- "name" : "openSUSE-SU-2019:2223",
- "refsource" : "SUSE",
- "tags" : [ ]
- }, {
- "url" :
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html",
- "name" : "openSUSE-SU-2019:2222",
- "refsource" : "SUSE",
- "tags" : [ ]
- }, {
- "url" : "https://access.redhat.com/errata/RHBA-2019:2824",
- "name" : "RHBA-2019:2824",
- "refsource" : "REDHAT",
- "tags" : [ ]
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2019:2594",
- "name" : "RHSA-2019:2594",
- "refsource" : "REDHAT",
- "tags" : [ ]
- }, {
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811",
- "name" :
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811",
- "refsource" : "CONFIRM",
- "tags" : [ "Exploit", "Issue Tracking", "Mitigation", "Patch",
"Third Party Advisory" ]
- }, {
- "url" :
"https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html",
- "name" : "[debian-lts-announce] 20190909 [SECURITY] [DLA 1915-1]
ghostscript security update",
- "refsource" : "MLIST",
- "tags" : [ ]
- }, {
- "url" :
"https://lists.fedoraproject.org/archives/list/[email protected]/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/",
- "name" : "FEDORA-2019-ebd6c4f15a",
- "refsource" : "FEDORA",
- "tags" : [ ]
- }, {
- "url" :
"https://lists.fedoraproject.org/archives/list/[email protected]/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/",
- "name" : "FEDORA-2019-0a9d525d71",
- "refsource" : "FEDORA",
- "tags" : [ ]
- }, {
- "url" :
"https://lists.fedoraproject.org/archives/list/[email protected]/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/",
- "name" : "FEDORA-2019-953fc0f16d",
- "refsource" : "FEDORA",
- "tags" : [ ]
- }, {
- "url" : "https://seclists.org/bugtraq/2019/Sep/15",
- "name" : "20190910 [SECURITY] [DSA 4518-1] ghostscript security
update",
- "refsource" : "BUGTRAQ",
- "tags" : [ ]
- }, {
- "url" : "https://www.debian.org/security/2019/dsa-4518",
- "name" : "DSA-4518",
- "refsource" : "DEBIAN",
- "tags" : [ ]
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A flaw was found in, ghostscript versions prior to 9.28,
in the .pdf_hook_DSC_Creator procedure where it did not properly secure its
privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A
specially crafted PostScript file could disable security protection and then
have access to the file system, or execute arbitrary commands."
- } ]
+ "weaknesses": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-681"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.21",
+ "versionEndIncluding": "2.31.1",
+ "matchCriteriaId": "B1BF4DF3-4D96-4488-A1F7-38A7AF5DC725"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gnu:binutils_gold:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.11",
+ "versionEndIncluding": "1.16",
+ "matchCriteriaId": "52A4DA53-C77B-4E9E-94E3-D7F63C44A2F6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20190822-0001/",
+ "source": "[email protected]",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
+ "source": "[email protected]",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"https://support.f5.com/csp/article/K05032915?utm_source=f5support&%3Butm_medium=RSS",
+ "source": "[email protected]"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20190822-0001/",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"https://support.f5.com/csp/article/K05032915?utm_source=f5support&%3Butm_medium=RSS",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ }
+ ]
}
},
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "9.28"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
+ {
+ "cve": {
+ "id": "CVE-2019-1010180",
+ "sourceIdentifier": "[email protected]",
+ "published": "2019-07-24T13:15:10.997",
+ "lastModified": "2024-11-21T04:18:01.790",
+ "vulnStatus": "Modified",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GNU gdb All versions is affected by: Buffer Overflow -
Out of bound memory access. The impact is: Deny of Service, Memory Disclosure,
and Possible Code Execution. The component is: The main gdb module. The attack
vector is: Open an ELF for debugging. The fixed version is: Not fixed yet."
+ },
+ {
+ "lang": "es",
+ "value": "GNU gdb Todas las versiones se ven afectadas por:
Desbordamiento de búfer - Acceso a memoria fuera de enlace. El impacto es:
Denegación de servicio, Divulgación de memoria y Posible ejecución de código.
El componente es: El módulo principal de gdb. El vector de ataque es: Abra un
ELF para la depuración. La versión arregladas es: Aún no está arreglada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+ "baseScore": 6.8,
+ "accessVector": "NETWORK",
+ "accessComplexity": "MEDIUM",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.6,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": true
+ }
+ ]
},
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 6.8
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 6.4,
- "acInsufInfo" : false,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2019-09-03T16:15Z",
- "lastModifiedDate" : "2019-09-10T03:15Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2019-17365",
- "ASSIGNER" : "[email protected]"
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-276"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.openwall.com/lists/oss-security/2019/10/09/4",
- "name" : "http://www.openwall.com/lists/oss-security/2019/10/09/4",
- "refsource" : "MISC",
- "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ]
- }, {
- "url" : "http://www.openwall.com/lists/oss-security/2019/10/10/1",
- "name" : "[oss-security] 20191010 Re: CVE-2019-17365: Nix per-user
profile directory hijack",
- "refsource" : "MLIST",
- "tags" : [ "Third Party Advisory" ]
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Nix through 2.3 allows local users to gain access to an
arbitrary user's account because the parent directory of the user-profile
directories is world writable."
- } ]
+ "weaknesses": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "9.1",
+ "matchCriteriaId": "2855B0DE-972E-4536-9D6E-3C57C4253177"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url":
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html",
+ "source": "[email protected]",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html",
+ "source": "[email protected]",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html",
+ "source": "[email protected]",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html",
+ "source": "[email protected]",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/109367",
+ "source": "[email protected]",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202003-31",
+ "source": "[email protected]",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23657",
+ "source": "[email protected]",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/109367",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202003-31",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23657",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
}
},
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
- "versionEndIncluding" : "2.3"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.1",
- "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 4.6
+ {
+ "cve": {
+ "id": "CVE-2019-14811",
+ "sourceIdentifier": "[email protected]",
+ "published": "2019-09-03T16:15:11.573",
+ "lastModified": "2024-11-21T04:27:24.480",
+ "vulnStatus": "Modified",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A flaw was found in, ghostscript versions prior to 9.50,
in the .pdf_hook_DSC_Creator procedure where it did not properly secure its
privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A
specially crafted PostScript file could disable security protection and then
have access to the file system, or execute arbitrary commands."
+ },
+ {
+ "lang": "es",
+ "value": "Se detecto un defecto en, ghostscript en versiones
anteriores a la 9.50, en el procedimiento .pdf_hook_DSC_Creator donde no
aseguró adecuadamente sus llamadas privilegiadas, permitiendo que los scripts
omitieran las restricciones `-dSAFER`. Un archivo PostScript especialmente
diseñado podría deshabilitar la protección de seguridad y luego tener acceso al
sistema de archivos o ejecutar comandos arbitrarios."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "[email protected]",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+ "baseScore": 6.8,
+ "accessVector": "NETWORK",
+ "accessComplexity": "MEDIUM",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.6,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": true
+ }
+ ]
},
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 6.4,
- "acInsufInfo" : false,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2019-10-09T22:15Z",
- "lastModifiedDate" : "2019-10-11T13:19Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2019-1010180",
- "ASSIGNER" : "[email protected]"
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/109367",
- "name" : "109367",
- "refsource" : "BID",
- "tags" : [ "Third Party Advisory", "VDB Entry" ]
- }, {
- "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23657",
- "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23657",
- "refsource" : "MISC",
- "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "GNU gdb All versions is affected by: Buffer Overflow -
Out of bound memory access. The impact is: Deny of Service, Memory Disclosure,
and Possible Code Execution. The component is: The main gdb module. The attack
vector is: Open an ELF for debugging. The fixed version is: Not fixed yet."
- } ]
+ "weaknesses": [
+ {
+ "source": "[email protected]",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-648"
+ }
+ ]
+ },
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "9.50",
+ "matchCriteriaId": "1F129EB4-EEB2-46F1-8DAA-E016D7EE1356"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url":
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html",
+ "source": "[email protected]",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html",
+ "source": "[email protected]",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHBA-2019:2824",
+ "source": "[email protected]",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2019:2594",
+ "source": "[email protected]",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811",
+ "source": "[email protected]",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Mitigation",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html",
+ "source": "[email protected]",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/",
+ "source": "[email protected]"
+ },
+ {
+ "url":
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/",
+ "source": "[email protected]"
+ },
+ {
+ "url":
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/",
+ "source": "[email protected]"
+ },
+ {
+ "url": "https://seclists.org/bugtraq/2019/Sep/15",
+ "source": "[email protected]",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202004-03",
+ "source": "[email protected]",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.debian.org/security/2019/dsa-4518",
+ "source": "[email protected]",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHBA-2019:2824",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2019:2594",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Mitigation",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url":
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ },
+ {
+ "url":
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ },
+ {
+ "url":
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ },
+ {
+ "url": "https://seclists.org/bugtraq/2019/Sep/15",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202004-03",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.debian.org/security/2019/dsa-4518",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
}
},
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 6.8
+ {
+ "cve": {
+ "id": "CVE-2019-17365",
+ "sourceIdentifier": "[email protected]",
+ "published": "2019-10-09T22:15:10.670",
+ "lastModified": "2025-01-15T14:29:23.370",
+ "vulnStatus": "Modified",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Nix through 2.3 allows local users to gain access to an
arbitrary user's account because the parent directory of the user-profile
directories is world writable."
+ },
+ {
+ "lang": "es",
+ "value": "Nix versiones hasta 2.3, permite a usuarios locales
conseguir acceso a la cuenta de un usuario arbitrario porque el directorio
principal de los directorios de perfil de usuario son de tipo world writable."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+ "baseScore": 4.6,
+ "accessVector": "LOCAL",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
},
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 6.4,
- "acInsufInfo" : false,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2019-07-24T13:15Z",
- "lastModifiedDate" : "2019-08-01T15:39Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2019-1010204",
- "ASSIGNER" : "[email protected]"
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-125"
- }, {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://security.netapp.com/advisory/ntap-20190822-0001/",
- "name" : "https://security.netapp.com/advisory/ntap-20190822-0001/",
- "refsource" : "CONFIRM",
- "tags" : [ ]
- }, {
- "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
- "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
- "refsource" : "MISC",
- "tags" : [ "Issue Tracking", "Third Party Advisory" ]
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "GNU binutils gold gold v1.11-v1.16 (GNU binutils
v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned
Comparison, Out-of-bounds Read. The impact is: Denial of service. The component
is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An
ELF file with an invalid e_shoff header field must be opened."
- } ]
+ "weaknesses": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.3",
+ "matchCriteriaId": "41CBEDE7-C5CA-4533-8F81-940E20658FDF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/09/4",
+ "source": "[email protected]",
+ "tags": [
+ "Exploit",
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/10/1",
+ "source": "[email protected]",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3",
+ "source": "[email protected]",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/09/4",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Exploit",
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/10/1",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ }
+ ]
}
},
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "2.21",
- "versionEndIncluding" : "2.31.1"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:gnu:binutils_gold:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "1.11",
- "versionEndIncluding" : "1.16"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "HIGH",
- "baseScore" : 5.5,
- "baseSeverity" : "MEDIUM"
+ {
+ "cve": {
+ "id": "CVE-2019-18192",
+ "sourceIdentifier": "[email protected]",
+ "published": "2019-10-17T20:15:12.707",
+ "lastModified": "2024-11-21T04:32:47.937",
+ "vulnStatus": "Modified",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GNU Guix 1.0.1 allows local users to gain access to an
arbitrary user's account because the parent directory of the user-profile
directories is world writable, a similar issue to CVE-2019-17365."
+ },
+ {
+ "lang": "es",
+ "value": "GNU Guix versión 1.0.1, permite a los usuarios locales
conseguir acceso a la cuenta de un usuario arbitrario porque el directorio
principal de los directorios de perfil de usuario son escribibles por todo el
mundo, un problema similar a CVE-2019-17365."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+ "baseScore": 4.6,
+ "accessVector": "LOCAL",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
},
- "exploitabilityScore" : 1.8,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 4.3
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 2.9,
- "acInsufInfo" : false,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
+ "weaknesses": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gnu:guix:1.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA9DBA1-9FDE-48F6-ACEB-8D9BFA91A4EE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3",
+ "source": "[email protected]",
+ "tags": [
+ "Mailing List",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://issues.guix.gnu.org/issue/37744",
+ "source": "[email protected]",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://issues.guix.gnu.org/issue/37744",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ }
+ ]
}
- },
- "publishedDate" : "2019-07-23T14:15Z",
- "lastModifiedDate" : "2019-08-22T07:15Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2019-18192",
- "ASSIGNER" : "[email protected]"
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.openwall.com/lists/oss-security/2019/10/17/3",
- "name" : "[oss-security] 20191017 CVE-2019-18192: Insecure
permissions on Guix profile directory",
- "refsource" : "MLIST",
- "tags" : [ ]
- }, {
- "url" : "https://issues.guix.gnu.org/issue/37744",
- "name" : "https://issues.guix.gnu.org/issue/37744",
- "refsource" : "MISC",
- "tags" : [ ]
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "GNU Guix 1.0.1 allows local users to gain access to an
arbitrary user's account because the parent directory of the user-profile
directories is world writable, a similar issue to CVE-2019-17365."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2019-10-17T20:15Z",
- "lastModifiedDate" : "2019-10-17T20:29Z"
- } ]
+ }
+ ]
}
diff --git a/tests/cve.scm b/tests/cve.scm
index 90ada2b647..c80059e81f 100644
--- a/tests/cve.scm
+++ b/tests/cve.scm
@@ -22,6 +22,8 @@
#:use-module (srfi srfi-19)
#:use-module (srfi srfi-64))
+;; Generated from the 2019 database :
+;; jq -M '.vulnerabilities |= map(select(.cve.id | IN("CVE-2019-14811",
"CVE-2019-17365", "CVE-2019-1010180", "CVE-2019-1010204", "CVE-2019-18192",
"CVE-2019-0001"))) | .totalResults = (.vulnerabilities | length) |
.resultsPerPage = (.vulnerabilities | length)'
(define %sample
(search-path %load-path "tests/cve-sample.json"))
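Review bot: The provenance comment above `%sample` gives the jq filter but neither its input file nor the date it was run, so the fixture cannot be regenerated or audited against the upstream feed. NVD records keep being revised (the sample's `lastModified` values run into 2024 and 2025), so a later run of the same filter would yield different data. I would add one line such as `;; Input: <2019 yearly feed file>, retrieved <date>.` and drop the stray space before the colon.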
@@ -31,23 +33,19 @@
(define %expected-vulnerabilities
;; What we should get when reading %SAMPLE.
(list
- (vulnerability "CVE-2019-0001"
- ;; Only the "a" CPE configurations are kept; the "o"
- ;; configurations are discarded.
- '(("juniper" "junos" (or "18.2" (or "18.21-s3"
"18.21-s4")))))
- (vulnerability "CVE-2019-0005"
- '(("juniper" "junos" (or "18.1" "18.11"))))
- ;; CVE-2019-0005 has no "a" configurations.
- (vulnerability "CVE-2019-14811"
- '(("artifex" "ghostscript" (< "9.28"))))
- (vulnerability "CVE-2019-17365"
- '(("nixos" "nix" (<= "2.3"))))
- (vulnerability "CVE-2019-1010180"
- '(("gnu" "gdb" _))) ;any version
(vulnerability "CVE-2019-1010204"
'(("gnu" "binutils" (and (>= "2.21") (<= "2.31.1")))
("gnu" "binutils_gold" (and (>= "1.11") (<= "1.16")))))
- ;; CVE-2019-18192 has no associated configurations.
+ (vulnerability "CVE-2019-1010180"
+ '(("gnu" "gdb" (< "9.1"))))
+ (vulnerability "CVE-2019-14811"
+ '(("artifex" "ghostscript" (< "9.50"))))
+ (vulnerability "CVE-2019-17365"
+ '(("nixos" "nix" (<= "2.3"))))
+ (vulnerability "CVE-2019-18192"
+ '(("gnu" "guix" "1.0.1")))
+ ;; Only the "a" CPE configurations are kept; the "o" configurations are
discarded.
+ ;; This is why CVE-2019-0001 doesn't appear here.
))
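Review bot: The expectation for CVE-2019-14811 is only `("artifex" "ghostscript" (< "9.50"))`, yet the sample record for that CVE also lists two application-type CPEs, `cpe:2.3:a:redhat:openshift_container_platform:3.11` and `:4.1`. The closing comment explains only why "o" configurations disappear. If the parser deliberately keeps just part of the `configurations` array, that should be stated here, because in a vulnerability lookup a silently dropped "a" configuration is a false negative. The parsing code in guix/cve.scm is outside this hunk, so the cause is inferred from the fixture alone. A comment such as `;; CVE-2019-14811: the redhat "a" CPEs in the sample are not expected because <reason>.` would make the intent checkable.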
@@ -55,13 +53,12 @@
(test-equal "json->cve-items"
'("CVE-2019-0001"
- "CVE-2019-0005"
+ "CVE-2019-1010204"
+ "CVE-2019-1010180"
"CVE-2019-14811"
"CVE-2019-17365"
- "CVE-2019-1010180"
- "CVE-2019-1010204"
"CVE-2019-18192")
- (map (compose cve-id cve-item-cve)
+ (map cve-item-id
(call-with-input-file %sample json->cve-items)))
(test-equal "cve-item-published-date"
@@ -75,32 +72,32 @@
(call-with-input-file %sample json->vulnerabilities))
(test-equal "vulnerabilities->lookup-proc"
- (list (list (third %expected-vulnerabilities)) ;ghostscript
- (list (third %expected-vulnerabilities))
+ (list (list (first %expected-vulnerabilities)) ;binutils
+ '()
+ (list (first %expected-vulnerabilities))
'()
- (list (fifth %expected-vulnerabilities)) ;gdb
- (list (fifth %expected-vulnerabilities))
+ (list (second %expected-vulnerabilities)) ;gdb
+ (list (second %expected-vulnerabilities))
- (list (fourth %expected-vulnerabilities)) ;nix
+ (list (third %expected-vulnerabilities)) ;ghostscript
+ (list (third %expected-vulnerabilities))
'()
- (list (sixth %expected-vulnerabilities)) ;binutils
- '()
- (list (sixth %expected-vulnerabilities))
+ (list (fourth %expected-vulnerabilities)) ;nix
'())
(let* ((vulns (call-with-input-file %sample json->vulnerabilities))
(lookup (vulnerabilities->lookup-proc vulns)))
- (list (lookup "ghostscript")
- (lookup "ghostscript" "9.27")
- (lookup "ghostscript" "9.28")
- (lookup "gdb")
- (lookup "gdb" "42.0")
- (lookup "nix")
- (lookup "nix" "2.4")
- (lookup "binutils" "2.31.1")
+ (list (lookup "binutils" "2.31.1")
(lookup "binutils" "2.10")
(lookup "binutils_gold" "1.11")
- (lookup "binutils" "2.32"))))
+ (lookup "binutils" "2.32")
+ (lookup "gdb")
+ (lookup "gdb" "9.0")
+ (lookup "ghostscript")
+ (lookup "ghostscript" "9.27")
+ (lookup "ghostscript" "9.51")
+ (lookup "nix")
+ (lookup "nix" "2.4"))))
(test-end "cve")
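Review bot: The rewritten lookups in "vulnerabilities->lookup-proc" no longer probe the exclusive upper bound. The old test queried ghostscript at exactly the fixed version (`"9.28"` against `(< "9.28")`), while the new one queries `"9.51"` against `(< "9.50")`, so an off-by-one in the `<` comparison would pass unnoticed. Changing the last ghostscript probe to `(lookup "ghostscript" "9.50")` keeps the expected `'()` and restores that check; gdb `(< "9.1")` is likewise probed only at `"9.0"`. The new exact-version entry for guix `"1.0.1"` is never looked up at all, so a pair such as `(lookup "guix" "1.0.1")` and `(lookup "guix" "1.0.2")`, with matching expected entries, would cover the exact-match path.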