diff options
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/cve-sample.json | 2951 | ||||
| -rw-r--r-- | tests/cve.scm | 67 | ||||
| -rw-r--r-- | tests/guix-environment-container.sh | 3 | ||||
| -rw-r--r-- | tests/guix-home.sh | 3 | ||||
| -rw-r--r-- | tests/guix-pack-localstatedir.sh | 3 | ||||
| -rw-r--r-- | tests/guix-pack-relocatable.sh | 5 |
6 files changed, 1732 insertions, 1300 deletions
diff --git a/tests/cve-sample.json b/tests/cve-sample.json index 11b71817bb..bd7963cda5 100644 --- a/tests/cve-sample.json +++ b/tests/cve-sample.json @@ -1,1279 +1,1710 @@ { - "CVE_data_type" : "CVE", - "CVE_data_format" : "MITRE", - "CVE_data_version" : "4.0", - "CVE_data_numberOfCVEs" : "9826", - "CVE_data_timestamp" : "2019-10-17T07:00Z", - "CVE_Items" : [ { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-0001", - "ASSIGNER" : "cve@mitre.org" - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "en", - "value" : "CWE-400" - } ] - } ] - }, - "references" : { - "reference_data" : [ { - "url" : "http://www.securityfocus.com/bid/106541", - "name" : "106541", - "refsource" : "BID", - "tags" : [ "Third Party Advisory", "VDB Entry" ] - }, { - "url" : "https://kb.juniper.net/JSA10900", - "name" : "https://kb.juniper.net/JSA10900", - "refsource" : "CONFIRM", - "tags" : [ "Vendor Advisory" ] - } ] - }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2." - } ] - } - }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:*:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:r1-s3:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:r1-s4:*:*:*:*:*:*" - } ] - } ] - }, - "impact" : { - "baseMetricV3" : { - "cvssV3" : { - "version" : "3.0", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "attackVector" : "NETWORK", - "attackComplexity" : "HIGH", - "privilegesRequired" : "NONE", - "userInteraction" : "NONE", - "scope" : "UNCHANGED", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "availabilityImpact" : "HIGH", - "baseScore" : 5.9, - "baseSeverity" : "MEDIUM" - }, - "exploitabilityScore" : 2.2, - "impactScore" : 3.6 - }, - "baseMetricV2" : { - "cvssV2" : { - "version" : "2.0", - "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C", - "accessVector" : "NETWORK", - "accessComplexity" : "MEDIUM", - "authentication" : "NONE", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "availabilityImpact" : "COMPLETE", - "baseScore" : 7.1 + "resultsPerPage": 6, + "startIndex": 0, + "totalResults": 6, + "format": "NVD_CVE", + "version": "2.0", + "timestamp": "2025-08-23T03:01:35.4173588", + "vulnerabilities": [ + { + "cve": { + "id": "CVE-2019-0001", + "sourceIdentifier": "sirt@juniper.net", + "published": "2019-01-15T21:29:00.760", + "lastModified": "2024-11-21T04:16:01.113", + "vulnStatus": "Modified", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2." + }, + { + "lang": "es", + "value": "La recepción de un paquete mal formado en dispositivos MX Series con una configuración vlan dinámica puede desencadenar un bucle de recursión no controlado en el demonio de gestión de suscriptores Broadband Edge (bbe-smgd) y conducir a un alto uso de CPU y el cierre inesperado del servicio bbe-smgd. La recepción repetida del mismo paquete puede resultar en una condición de denegación de servicio (DoS) extendida para los dispositivos. Las versiones afectadas son Juniper Networks Junos OS: 16.1 en versiones anteriores a la 16.1R7-S1; 16.2 en versiones anteriores a la 16.2R2-S7; 17.1 en versiones anteriores a la 17.1R2-S10, 17.1R3; 17.2 en versiones anteriores a la 17.2R3; 17.3 en versiones anteriores a la 17.3R3-S1; 17.4 en versiones anteriores a la 17.4R2; 18.1 en versiones anteriores a la 18.1R3 y 18.2 en versiones anteriores a la 18.2R2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], + "cvssMetricV30": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "baseScore": 7.1, + "accessVector": "NETWORK", + "accessComplexity": "MEDIUM", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "COMPLETE" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.6, + "impactScore": 6.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] }, - "severity" : "HIGH", - "exploitabilityScore" : 8.6, - "impactScore" : 6.9, - "acInsufInfo" : false, - "obtainAllPrivilege" : false, - "obtainUserPrivilege" : false, - "obtainOtherPrivilege" : false, - "userInteractionRequired" : false + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-674" + } + ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-674" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:-:*:*:*:*:*:*", + "matchCriteriaId": "258A380C-1EA0-407D-B7E3-4A2E8820119C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "BBE35BDC-7739-4854-8BB8-E8600603DE9D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "2DC47132-9EEA-4518-8F86-5CD231FBFB61" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "CD5A30CE-9498-4007-8E66-FD0CC6CF1836" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*", + "matchCriteriaId": "07CD1E7C-24EA-46B7-964C-C78FF64AFAE6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s11:*:*:*:*:*:*", + "matchCriteriaId": "8A457C57-4A36-433D-9473-5ABC091DF316" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*", + "matchCriteriaId": "6D3E38C1-808C-4BD3-993D-F30855F5390F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s12:*:*:*:*:*:*", + "matchCriteriaId": "C2AF9C4B-23E6-485D-A115-2B728E929C6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s2:*:*:*:*:*:*", + "matchCriteriaId": "1FD11073-DC27-41F8-A6A2-7E22A062D14E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s3:*:*:*:*:*:*", + "matchCriteriaId": "2A78389E-868C-422D-9AA3-8A672DF6C2AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s4:*:*:*:*:*:*", + "matchCriteriaId": "85BFC22F-A6B3-4306-A28B-5D78FFA6402D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s6:*:*:*:*:*:*", + "matchCriteriaId": "99276E50-825C-4BB4-8496-1F81BDA21655" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*", + "matchCriteriaId": "72194CB7-FFDC-4897-9D6E-EA3459DDDEB5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r5-s4:*:*:*:*:*:*", + "matchCriteriaId": "C88635DB-09B1-4DA1-8FC3-2F7A7E42819C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*", + "matchCriteriaId": "92F35C19-5AD2-4F98-8313-2E880714DF3B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r6-s1:*:*:*:*:*:*", + "matchCriteriaId": "DF5A9D31-ED7D-4390-B46D-7E46089DB932" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*", + "matchCriteriaId": "90B94472-0E32-48AD-A690-AABB2C53CA58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*", + "matchCriteriaId": "6B4A4960-0241-4BF4-8857-8B7BE33466B6" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.2:-:*:*:*:*:*:*", + "matchCriteriaId": "9677CE18-B955-432F-BA2B-AAE3D0CA0F16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "3661BC68-6F32-447F-8D20-FD73FBBED9C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "5B6097D4-3856-4696-9A26-5B6C0FD9AD6C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "84DD80BF-BF7E-447B-AA74-00B3D8036E36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "57B89EEB-222D-46AA-BC8F-4EE7E17BA7B6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s5:*:*:*:*:*:*", + "matchCriteriaId": "ECAE613D-1317-4D2E-8A61-980CD5DEAED8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s6:*:*:*:*:*:*", + "matchCriteriaId": "BAB2D63C-C966-42CA-85A9-09820D00A2D8" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:-:*:*:*:*:*:*", + "matchCriteriaId": "CC9B5CDE-3A50-4CD3-962A-FA0989939F37" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "7572C187-4D58-4E0D-A605-B2B13EFF5C6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "E34A149E-C2ED-4D86-A105-0A2775654AE7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "4E0D42C4-9B4D-44F9-BC84-E7994404598B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "DE2C20D8-3C73-4B87-BA41-DBFBCA5FBA58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s3:*:*:*:*:*:*", + "matchCriteriaId": "54D887B4-D2F4-4537-8298-B98D01396F12" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s4:*:*:*:*:*:*", + "matchCriteriaId": "1C1B5AE6-A323-4744-BCA1-25E46D2D27BB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s5:*:*:*:*:*:*", + "matchCriteriaId": "0AB39E2F-0D67-4FA6-84B8-36684E971002" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s6:*:*:*:*:*:*", + "matchCriteriaId": "A32C3702-48DE-47CF-B0D1-3A629676AD03" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s7:*:*:*:*:*:*", + "matchCriteriaId": "B9695B3E-FCDA-4DF0-B714-8B4F87AA647D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s8:*:*:*:*:*:*", + "matchCriteriaId": "36214C23-82C8-4A3E-9FF8-04F85FF8B2B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s9:*:*:*:*:*:*", + "matchCriteriaId": "F3778643-1684-4549-A764-A1909C14B4B3" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:-:*:*:*:*:*:*", + "matchCriteriaId": "BCEE8D9C-6D64-4A9B-A74A-57A0BF4086C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "E889BF9C-BDDF-4A6A-97BB-00A097EF6D91" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "8BCF0612-AF16-4925-8E42-77734513F923" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "595987A6-D8CE-41ED-B51C-EF9CD3B47AD0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s3:*:*:*:*:*:*", + "matchCriteriaId": "7B5A2205-C40B-4746-9A23-1973433FF065" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s4:*:*:*:*:*:*", + "matchCriteriaId": "CFA3526C-FF53-4823-B6AC-0BA91BFB532D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s5:*:*:*:*:*:*", + "matchCriteriaId": "AA92B7F8-705B-410F-BDA3-7C28FF51967F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*", + "matchCriteriaId": "9689695F-53EB-4B35-9072-750E7282B011" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s8:*:*:*:*:*:*", + "matchCriteriaId": "4F7CE683-5647-455B-936C-DF0D973A180A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*", + "matchCriteriaId": "7D45F2C3-20FF-4A91-A440-E109B3CCE7C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s11:*:*:*:*:*:*", + "matchCriteriaId": "BA433E05-83F8-410D-AEB3-3A02BAB0BE0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s6:*:*:*:*:*:*", + "matchCriteriaId": "B87ECEAD-FD18-4252-8D46-F281DD4125AC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s7:*:*:*:*:*:*", + "matchCriteriaId": "C6788EE2-B0DA-470E-B72E-E8D5CCFB5259" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*", + "matchCriteriaId": "A283D32F-1CAF-4A5A-83E1-585F2801771F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*", + "matchCriteriaId": "38A40E03-F915-4888-87B0-5950F75F097D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "C52E355B-DA7D-4FDE-B2D7-A3C3C9C99918" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*", + "matchCriteriaId": "69FC46D4-39E2-4E2F-A1D3-1001769A7115" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*", + "matchCriteriaId": "32F83E8B-A816-4F26-95F8-F0DA7F3DF426" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*", + "matchCriteriaId": "2C433359-BC8B-4E69-BE74-A31EB148083A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*", + "matchCriteriaId": "BCA2976C-C84B-40D9-A806-588629BFFB13" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*", + "matchCriteriaId": "A2C7B980-033E-40AC-98C9-B252733B0F43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*", + "matchCriteriaId": "BA8D32E4-1892-46DC-9782-5466A14E18D9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*", + "matchCriteriaId": "D1CAEBD2-2E46-44B5-B1D1-1DDBD450FD27" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*", + "matchCriteriaId": "A00CA6FB-8F28-4171-B510-8DBA351E80C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*", + "matchCriteriaId": "988D317A-0646-491F-9B97-853E8E208276" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*", + "matchCriteriaId": "605F1AD7-5B09-44F0-9017-15AB3EEE559C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*", + "matchCriteriaId": "CEDDCD30-2255-4FA9-B3E2-9E88AB6F8D80" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*", + "matchCriteriaId": "4E4EB6B0-8DB2-4199-96E4-30195D49F756" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*", + "matchCriteriaId": "204FC7B5-9CF2-4AC2-9B8D-DA48CAEA6496" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*", + "matchCriteriaId": "9D8A8E33-473A-4A40-A7B7-47086BB9012A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*", + "matchCriteriaId": "F0F65DCA-34B9-4CE8-91C9-426AAAEB4097" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*", + "matchCriteriaId": "A8B5BD93-3C11-45D5-ACF0-7C4C01106C8A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*", + "matchCriteriaId": "167EEC4F-729E-47C2-B0F8-E8108CE3E985" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*", + "matchCriteriaId": "A893CCE5-96B8-44A1-ABEF-6AB9B527B2FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*", + "matchCriteriaId": "42203801-E2E7-4DCF-ABBB-D23A91B2A9FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*", + "matchCriteriaId": "238EC996-8E8C-4332-916F-09E54E6EBB9D" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", + "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", + "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33" + } + ] + } + ] + } + ], + "references": [ + { + "url": "http://www.securityfocus.com/bid/106541", + "source": "sirt@juniper.net", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] + }, + { + "url": "https://kb.juniper.net/JSA10900", + "source": "sirt@juniper.net", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/", + "source": "sirt@juniper.net" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/", + "source": "sirt@juniper.net" + }, + { + "url": "http://www.securityfocus.com/bid/106541", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] + }, + { + "url": "https://kb.juniper.net/JSA10900", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + } + ] } }, - "publishedDate" : "2019-01-15T21:29Z", - "lastModifiedDate" : "2019-10-09T23:43Z" - }, { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-0005", - "ASSIGNER" : "cve@mitre.org" - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "en", - "value" : "CWE-400" - } ] - } ] - }, - "references" : { - "reference_data" : [ { - "url" : "http://www.securityfocus.com/bid/106665", - "name" : "106665", - "refsource" : "BID", - "tags" : [ "Third Party Advisory" ] - }, { - "url" : "https://kb.juniper.net/JSA10905", - "name" : "https://kb.juniper.net/JSA10905", - "refsource" : "CONFIRM", - "tags" : [ "Vendor Advisory" ] - } ] - }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS on EX and QFX series;: 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R7; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 series; 15.1X53 versions prior to 15.1X53-D591 on EX2300/EX3400 series; 16.1 versions prior to 16.1R7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2." - } ] - } - }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d30:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d40:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d42:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d43:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d44:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d45:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d46:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d210:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d230:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d234:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d55:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d57:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d58:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d59:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d590:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:gfx3600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - }, { - "operator" : "AND", - "children" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.1:*:*:*:*:*:*:*" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.1:r1:*:*:*:*:*:*" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" - }, { - "vulnerable" : false, - "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" - } ] - } ] - } ] - }, - "impact" : { - "baseMetricV3" : { - "cvssV3" : { - "version" : "3.0", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "attackVector" : "NETWORK", - "attackComplexity" : "LOW", - "privilegesRequired" : "NONE", - "userInteraction" : "NONE", - "scope" : "UNCHANGED", - "confidentialityImpact" : "NONE", - "integrityImpact" : "LOW", - "availabilityImpact" : "NONE", - "baseScore" : 5.3, - "baseSeverity" : "MEDIUM" + { + "cve": { + "id": "CVE-2019-1010204", + "sourceIdentifier": "josh@bress.net", + "published": "2019-07-23T14:15:13.373", + "lastModified": "2024-11-21T04:18:03.163", + "vulnStatus": "Modified", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened." + }, + { + "lang": "es", + "value": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) está afectado por: Validación incorrecta de entrada, comparación firmada / sin firmar, lectura fuera de límites. El impacto es: Denegación de servicio. El componente es: gold / fileread.cc: 497, elfcpp / elfcpp_file.h: 644. El vector de ataque es: Se debe abrir un archivo ELF con un campo de encabezado e_shoff no válido." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "baseScore": 4.3, + "accessVector": "NETWORK", + "accessComplexity": "MEDIUM", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.6, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": true + } + ] }, - "exploitabilityScore" : 3.9, - "impactScore" : 1.4 - }, - "baseMetricV2" : { - "cvssV2" : { - "version" : "2.0", - "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", - "accessVector" : "NETWORK", - "accessComplexity" : "LOW", - "authentication" : "NONE", - "confidentialityImpact" : "NONE", - "integrityImpact" : "PARTIAL", - "availabilityImpact" : "NONE", - "baseScore" : 5.0 - }, - "severity" : "MEDIUM", - "exploitabilityScore" : 10.0, - "impactScore" : 2.9, - "acInsufInfo" : false, - "obtainAllPrivilege" : false, - "obtainUserPrivilege" : false, - "obtainOtherPrivilege" : false, - "userInteractionRequired" : false - } - }, - "publishedDate" : "2019-01-15T21:29Z", - "lastModifiedDate" : "2019-02-14T18:40Z" - }, { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-14811", - "ASSIGNER" : "cve@mitre.org" - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "en", - "value" : "CWE-264" - } ] - } ] - }, - "references" : { - "reference_data" : [ { - "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html", - "name" : "openSUSE-SU-2019:2223", - "refsource" : "SUSE", - "tags" : [ ] - }, { - "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html", - "name" : "openSUSE-SU-2019:2222", - "refsource" : "SUSE", - "tags" : [ ] - }, { - "url" : "https://access.redhat.com/errata/RHBA-2019:2824", - "name" : "RHBA-2019:2824", - "refsource" : "REDHAT", - "tags" : [ ] - }, { - "url" : "https://access.redhat.com/errata/RHSA-2019:2594", - "name" : "RHSA-2019:2594", - "refsource" : "REDHAT", - "tags" : [ ] - }, { - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811", - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811", - "refsource" : "CONFIRM", - "tags" : [ "Exploit", "Issue Tracking", "Mitigation", "Patch", "Third Party Advisory" ] - }, { - "url" : "https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html", - "name" : "[debian-lts-announce] 20190909 [SECURITY] [DLA 1915-1] ghostscript security update", - "refsource" : "MLIST", - "tags" : [ ] - }, { - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/", - "name" : "FEDORA-2019-ebd6c4f15a", - "refsource" : "FEDORA", - "tags" : [ ] - }, { - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/", - "name" : "FEDORA-2019-0a9d525d71", - "refsource" : "FEDORA", - "tags" : [ ] - }, { - "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/", - "name" : "FEDORA-2019-953fc0f16d", - "refsource" : "FEDORA", - "tags" : [ ] - }, { - "url" : "https://seclists.org/bugtraq/2019/Sep/15", - "name" : "20190910 [SECURITY] [DSA 4518-1] ghostscript security update", - "refsource" : "BUGTRAQ", - "tags" : [ ] - }, { - "url" : "https://www.debian.org/security/2019/dsa-4518", - "name" : "DSA-4518", - "refsource" : "DEBIAN", - "tags" : [ ] - } ] - }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands." - } ] + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + }, + { + "lang": "en", + "value": "CWE-681" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.21", + "versionEndIncluding": "2.31.1", + "matchCriteriaId": "B1BF4DF3-4D96-4488-A1F7-38A7AF5DC725" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:binutils_gold:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.11", + "versionEndIncluding": "1.16", + "matchCriteriaId": "52A4DA53-C77B-4E9E-94E3-D7F63C44A2F6" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737" + } + ] + } + ] + } + ], + "references": [ + { + "url": "https://security.netapp.com/advisory/ntap-20190822-0001/", + "source": "josh@bress.net", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765", + "source": "josh@bress.net", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] + }, + { + "url": "https://support.f5.com/csp/article/K05032915?utm_source=f5support&%3Butm_medium=RSS", + "source": "josh@bress.net" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20190822-0001/", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] + }, + { + "url": "https://support.f5.com/csp/article/K05032915?utm_source=f5support&%3Butm_medium=RSS", + "source": "af854a3a-2127-422b-91ae-364da2661108" + } + ] } }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", - "versionEndExcluding" : "9.28" - } ] - } ] - }, - "impact" : { - "baseMetricV3" : { - "cvssV3" : { - "version" : "3.0", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "attackVector" : "LOCAL", - "attackComplexity" : "LOW", - "privilegesRequired" : "NONE", - "userInteraction" : "REQUIRED", - "scope" : "UNCHANGED", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "availabilityImpact" : "HIGH", - "baseScore" : 7.8, - "baseSeverity" : "HIGH" + { + "cve": { + "id": "CVE-2019-1010180", + "sourceIdentifier": "josh@bress.net", + "published": "2019-07-24T13:15:10.997", + "lastModified": "2024-11-21T04:18:01.790", + "vulnStatus": "Modified", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet." + }, + { + "lang": "es", + "value": "GNU gdb Todas las versiones se ven afectadas por: Desbordamiento de búfer - Acceso a memoria fuera de enlace. El impacto es: Denegación de servicio, Divulgación de memoria y Posible ejecución de código. El componente es: El módulo principal de gdb. El vector de ataque es: Abra un ELF para la depuración. La versión arregladas es: Aún no está arreglada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "baseScore": 6.8, + "accessVector": "NETWORK", + "accessComplexity": "MEDIUM", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.6, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": true + } + ] }, - "exploitabilityScore" : 1.8, - "impactScore" : 5.9 - }, - "baseMetricV2" : { - "cvssV2" : { - "version" : "2.0", - "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "accessVector" : "NETWORK", - "accessComplexity" : "MEDIUM", - "authentication" : "NONE", - "confidentialityImpact" : "PARTIAL", - "integrityImpact" : "PARTIAL", - "availabilityImpact" : "PARTIAL", - "baseScore" : 6.8 - }, - "severity" : "MEDIUM", - "exploitabilityScore" : 8.6, - "impactScore" : 6.4, - "acInsufInfo" : false, - "obtainAllPrivilege" : false, - "obtainUserPrivilege" : false, - "obtainOtherPrivilege" : false, - "userInteractionRequired" : true - } - }, - "publishedDate" : "2019-09-03T16:15Z", - "lastModifiedDate" : "2019-09-10T03:15Z" - }, { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-17365", - "ASSIGNER" : "cve@mitre.org" - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "en", - "value" : "CWE-276" - } ] - } ] - }, - "references" : { - "reference_data" : [ { - "url" : "http://www.openwall.com/lists/oss-security/2019/10/09/4", - "name" : "http://www.openwall.com/lists/oss-security/2019/10/09/4", - "refsource" : "MISC", - "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] - }, { - "url" : "http://www.openwall.com/lists/oss-security/2019/10/10/1", - "name" : "[oss-security] 20191010 Re: CVE-2019-17365: Nix per-user profile directory hijack", - "refsource" : "MLIST", - "tags" : [ "Third Party Advisory" ] - } ] - }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable." - } ] + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.1", + "matchCriteriaId": "2855B0DE-972E-4536-9D6E-3C57C4253177" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493" + } + ] + } + ] + } + ], + "references": [ + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "source": "josh@bress.net", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "source": "josh@bress.net", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html", + "source": "josh@bress.net", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html", + "source": "josh@bress.net", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://www.securityfocus.com/bid/109367", + "source": "josh@bress.net", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] + }, + { + "url": "https://security.gentoo.org/glsa/202003-31", + "source": "josh@bress.net", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", + "source": "josh@bress.net", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://www.securityfocus.com/bid/109367", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] + }, + { + "url": "https://security.gentoo.org/glsa/202003-31", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] + } + ] } }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*", - "versionEndIncluding" : "2.3" - } ] - } ] - }, - "impact" : { - "baseMetricV3" : { - "cvssV3" : { - "version" : "3.1", - "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "attackVector" : "LOCAL", - "attackComplexity" : "LOW", - "privilegesRequired" : "LOW", - "userInteraction" : "NONE", - "scope" : "UNCHANGED", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "availabilityImpact" : "HIGH", - "baseScore" : 7.8, - "baseSeverity" : "HIGH" - }, - "exploitabilityScore" : 1.8, - "impactScore" : 5.9 - }, - "baseMetricV2" : { - "cvssV2" : { - "version" : "2.0", - "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", - "accessVector" : "LOCAL", - "accessComplexity" : "LOW", - "authentication" : "NONE", - "confidentialityImpact" : "PARTIAL", - "integrityImpact" : "PARTIAL", - "availabilityImpact" : "PARTIAL", - "baseScore" : 4.6 + { + "cve": { + "id": "CVE-2019-14811", + "sourceIdentifier": "secalert@redhat.com", + "published": "2019-09-03T16:15:11.573", + "lastModified": "2024-11-21T04:27:24.480", + "vulnStatus": "Modified", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands." + }, + { + "lang": "es", + "value": "Se detecto un defecto en, ghostscript en versiones anteriores a la 9.50, en el procedimiento .pdf_hook_DSC_Creator donde no aseguró adecuadamente sus llamadas privilegiadas, permitiendo que los scripts omitieran las restricciones `-dSAFER`. Un archivo PostScript especialmente diseñado podría deshabilitar la protección de seguridad y luego tener acceso al sistema de archivos o ejecutar comandos arbitrarios." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], + "cvssMetricV30": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "baseScore": 6.8, + "accessVector": "NETWORK", + "accessComplexity": "MEDIUM", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.6, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": true + } + ] }, - "severity" : "MEDIUM", - "exploitabilityScore" : 3.9, - "impactScore" : 6.4, - "acInsufInfo" : false, - "obtainAllPrivilege" : false, - "obtainUserPrivilege" : false, - "obtainOtherPrivilege" : false, - "userInteractionRequired" : false - } - }, - "publishedDate" : "2019-10-09T22:15Z", - "lastModifiedDate" : "2019-10-11T13:19Z" - }, { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-1010180", - "ASSIGNER" : "cve@mitre.org" - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "en", - "value" : "CWE-119" - } ] - } ] - }, - "references" : { - "reference_data" : [ { - "url" : "http://www.securityfocus.com/bid/109367", - "name" : "109367", - "refsource" : "BID", - "tags" : [ "Third Party Advisory", "VDB Entry" ] - }, { - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", - "refsource" : "MISC", - "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] - } ] - }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet." - } ] + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-648" + } + ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.50", + "matchCriteriaId": "1F129EB4-EEB2-46F1-8DAA-E016D7EE1356" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", + "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", + "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", + "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", + "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" + } + ] + } + ] + } + ], + "references": [ + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html", + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html", + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "https://access.redhat.com/errata/RHBA-2019:2824", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:2594", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811", + "source": "secalert@redhat.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Mitigation", + "Patch", + "Third Party Advisory" + ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html", + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/", + "source": "secalert@redhat.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/", + "source": "secalert@redhat.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/", + "source": "secalert@redhat.com" + }, + { + "url": "https://seclists.org/bugtraq/2019/Sep/15", + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "https://security.gentoo.org/glsa/202004-03", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://www.debian.org/security/2019/dsa-4518", + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "https://access.redhat.com/errata/RHBA-2019:2824", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://access.redhat.com/errata/RHSA-2019:2594", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking", + "Mitigation", + "Patch", + "Third Party Advisory" + ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://seclists.org/bugtraq/2019/Sep/15", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "https://security.gentoo.org/glsa/202004-03", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://www.debian.org/security/2019/dsa-4518", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] + } + ] } }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*" - } ] - } ] - }, - "impact" : { - "baseMetricV3" : { - "cvssV3" : { - "version" : "3.0", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "attackVector" : "LOCAL", - "attackComplexity" : "LOW", - "privilegesRequired" : "NONE", - "userInteraction" : "REQUIRED", - "scope" : "UNCHANGED", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "availabilityImpact" : "HIGH", - "baseScore" : 7.8, - "baseSeverity" : "HIGH" - }, - "exploitabilityScore" : 1.8, - "impactScore" : 5.9 - }, - "baseMetricV2" : { - "cvssV2" : { - "version" : "2.0", - "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "accessVector" : "NETWORK", - "accessComplexity" : "MEDIUM", - "authentication" : "NONE", - "confidentialityImpact" : "PARTIAL", - "integrityImpact" : "PARTIAL", - "availabilityImpact" : "PARTIAL", - "baseScore" : 6.8 + { + "cve": { + "id": "CVE-2019-17365", + "sourceIdentifier": "cve@mitre.org", + "published": "2019-10-09T22:15:10.670", + "lastModified": "2025-01-15T14:29:23.370", + "vulnStatus": "Modified", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable." + }, + { + "lang": "es", + "value": "Nix versiones hasta 2.3, permite a usuarios locales conseguir acceso a la cuenta de un usuario arbitrario porque el directorio principal de los directorios de perfil de usuario son de tipo world writable." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 4.6, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.9, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] }, - "severity" : "MEDIUM", - "exploitabilityScore" : 8.6, - "impactScore" : 6.4, - "acInsufInfo" : false, - "obtainAllPrivilege" : false, - "obtainUserPrivilege" : false, - "obtainOtherPrivilege" : false, - "userInteractionRequired" : true - } - }, - "publishedDate" : "2019-07-24T13:15Z", - "lastModifiedDate" : "2019-08-01T15:39Z" - }, { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-1010204", - "ASSIGNER" : "cve@mitre.org" - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "en", - "value" : "CWE-125" - }, { - "lang" : "en", - "value" : "CWE-20" - } ] - } ] - }, - "references" : { - "reference_data" : [ { - "url" : "https://security.netapp.com/advisory/ntap-20190822-0001/", - "name" : "https://security.netapp.com/advisory/ntap-20190822-0001/", - "refsource" : "CONFIRM", - "tags" : [ ] - }, { - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23765", - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23765", - "refsource" : "MISC", - "tags" : [ "Issue Tracking", "Third Party Advisory" ] - } ] - }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened." - } ] + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.3", + "matchCriteriaId": "41CBEDE7-C5CA-4533-8F81-940E20658FDF" + } + ] + } + ] + } + ], + "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/09/4", + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/10/1", + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3", + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/09/4", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/10/1", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + }, + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] + } + ] } }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", - "versionStartIncluding" : "2.21", - "versionEndIncluding" : "2.31.1" - }, { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:gnu:binutils_gold:*:*:*:*:*:*:*:*", - "versionStartIncluding" : "1.11", - "versionEndIncluding" : "1.16" - } ] - } ] - }, - "impact" : { - "baseMetricV3" : { - "cvssV3" : { - "version" : "3.0", - "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "attackVector" : "LOCAL", - "attackComplexity" : "LOW", - "privilegesRequired" : "NONE", - "userInteraction" : "REQUIRED", - "scope" : "UNCHANGED", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "availabilityImpact" : "HIGH", - "baseScore" : 5.5, - "baseSeverity" : "MEDIUM" + { + "cve": { + "id": "CVE-2019-18192", + "sourceIdentifier": "cve@mitre.org", + "published": "2019-10-17T20:15:12.707", + "lastModified": "2024-11-21T04:32:47.937", + "vulnStatus": "Modified", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365." + }, + { + "lang": "es", + "value": "GNU Guix versión 1.0.1, permite a los usuarios locales conseguir acceso a la cuenta de un usuario arbitrario porque el directorio principal de los directorios de perfil de usuario son escribibles por todo el mundo, un problema similar a CVE-2019-17365." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 4.6, + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.9, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] }, - "exploitabilityScore" : 1.8, - "impactScore" : 3.6 - }, - "baseMetricV2" : { - "cvssV2" : { - "version" : "2.0", - "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "accessVector" : "NETWORK", - "accessComplexity" : "MEDIUM", - "authentication" : "NONE", - "confidentialityImpact" : "NONE", - "integrityImpact" : "NONE", - "availabilityImpact" : "PARTIAL", - "baseScore" : 4.3 - }, - "severity" : "MEDIUM", - "exploitabilityScore" : 8.6, - "impactScore" : 2.9, - "acInsufInfo" : false, - "obtainAllPrivilege" : false, - "obtainUserPrivilege" : false, - "obtainOtherPrivilege" : false, - "userInteractionRequired" : true + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:guix:1.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA9DBA1-9FDE-48F6-ACEB-8D9BFA91A4EE" + } + ] + } + ] + } + ], + "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3", + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Patch", + "Third Party Advisory" + ] + }, + { + "url": "https://issues.guix.gnu.org/issue/37744", + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] + }, + { + "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Mailing List", + "Patch", + "Third Party Advisory" + ] + }, + { + "url": "https://issues.guix.gnu.org/issue/37744", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] + } + ] } - }, - "publishedDate" : "2019-07-23T14:15Z", - "lastModifiedDate" : "2019-08-22T07:15Z" - }, { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-18192", - "ASSIGNER" : "cve@mitre.org" - }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ ] - } ] - }, - "references" : { - "reference_data" : [ { - "url" : "http://www.openwall.com/lists/oss-security/2019/10/17/3", - "name" : "[oss-security] 20191017 CVE-2019-18192: Insecure permissions on Guix profile directory", - "refsource" : "MLIST", - "tags" : [ ] - }, { - "url" : "https://issues.guix.gnu.org/issue/37744", - "name" : "https://issues.guix.gnu.org/issue/37744", - "refsource" : "MISC", - "tags" : [ ] - } ] - }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365." - } ] - } - }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ ] - }, - "impact" : { }, - "publishedDate" : "2019-10-17T20:15Z", - "lastModifiedDate" : "2019-10-17T20:29Z" - } ] + } + ] } diff --git a/tests/cve.scm b/tests/cve.scm index 90ada2b647..c80059e81f 100644 --- a/tests/cve.scm +++ b/tests/cve.scm @@ -22,6 +22,8 @@ #:use-module (srfi srfi-19) #:use-module (srfi srfi-64)) +;; Generated from the 2019 database : +;; jq -M '.vulnerabilities |= map(select(.cve.id | IN("CVE-2019-14811", "CVE-2019-17365", "CVE-2019-1010180", "CVE-2019-1010204", "CVE-2019-18192", "CVE-2019-0001"))) | .totalResults = (.vulnerabilities | length) | .resultsPerPage = (.vulnerabilities | length)' (define %sample (search-path %load-path "tests/cve-sample.json")) @@ -31,23 +33,19 @@ (define %expected-vulnerabilities ;; What we should get when reading %SAMPLE. (list - (vulnerability "CVE-2019-0001" - ;; Only the "a" CPE configurations are kept; the "o" - ;; configurations are discarded. - '(("juniper" "junos" (or "18.2" (or "18.21-s3" "18.21-s4"))))) - (vulnerability "CVE-2019-0005" - '(("juniper" "junos" (or "18.1" "18.11")))) - ;; CVE-2019-0005 has no "a" configurations. - (vulnerability "CVE-2019-14811" - '(("artifex" "ghostscript" (< "9.28")))) - (vulnerability "CVE-2019-17365" - '(("nixos" "nix" (<= "2.3")))) - (vulnerability "CVE-2019-1010180" - '(("gnu" "gdb" _))) ;any version (vulnerability "CVE-2019-1010204" '(("gnu" "binutils" (and (>= "2.21") (<= "2.31.1"))) ("gnu" "binutils_gold" (and (>= "1.11") (<= "1.16"))))) - ;; CVE-2019-18192 has no associated configurations. + (vulnerability "CVE-2019-1010180" + '(("gnu" "gdb" (< "9.1")))) + (vulnerability "CVE-2019-14811" + '(("artifex" "ghostscript" (< "9.50")))) + (vulnerability "CVE-2019-17365" + '(("nixos" "nix" (<= "2.3")))) + (vulnerability "CVE-2019-18192" + '(("gnu" "guix" "1.0.1"))) + ;; Only the "a" CPE configurations are kept; the "o" configurations are discarded. + ;; This is why CVE-2019-0001 doesn't appear here. )) @@ -55,13 +53,12 @@ (test-equal "json->cve-items" '("CVE-2019-0001" - "CVE-2019-0005" + "CVE-2019-1010204" + "CVE-2019-1010180" "CVE-2019-14811" "CVE-2019-17365" - "CVE-2019-1010180" - "CVE-2019-1010204" "CVE-2019-18192") - (map (compose cve-id cve-item-cve) + (map cve-item-id (call-with-input-file %sample json->cve-items))) (test-equal "cve-item-published-date" @@ -75,32 +72,32 @@ (call-with-input-file %sample json->vulnerabilities)) (test-equal "vulnerabilities->lookup-proc" - (list (list (third %expected-vulnerabilities)) ;ghostscript - (list (third %expected-vulnerabilities)) + (list (list (first %expected-vulnerabilities)) ;binutils + '() + (list (first %expected-vulnerabilities)) '() - (list (fifth %expected-vulnerabilities)) ;gdb - (list (fifth %expected-vulnerabilities)) + (list (second %expected-vulnerabilities)) ;gdb + (list (second %expected-vulnerabilities)) - (list (fourth %expected-vulnerabilities)) ;nix + (list (third %expected-vulnerabilities)) ;ghostscript + (list (third %expected-vulnerabilities)) '() - (list (sixth %expected-vulnerabilities)) ;binutils - '() - (list (sixth %expected-vulnerabilities)) + (list (fourth %expected-vulnerabilities)) ;nix '()) (let* ((vulns (call-with-input-file %sample json->vulnerabilities)) (lookup (vulnerabilities->lookup-proc vulns))) - (list (lookup "ghostscript") - (lookup "ghostscript" "9.27") - (lookup "ghostscript" "9.28") - (lookup "gdb") - (lookup "gdb" "42.0") - (lookup "nix") - (lookup "nix" "2.4") - (lookup "binutils" "2.31.1") + (list (lookup "binutils" "2.31.1") (lookup "binutils" "2.10") (lookup "binutils_gold" "1.11") - (lookup "binutils" "2.32")))) + (lookup "binutils" "2.32") + (lookup "gdb") + (lookup "gdb" "9.0") + (lookup "ghostscript") + (lookup "ghostscript" "9.27") + (lookup "ghostscript" "9.51") + (lookup "nix") + (lookup "nix" "2.4")))) (test-end "cve") diff --git a/tests/guix-environment-container.sh b/tests/guix-environment-container.sh index 220e6b8ec8..411f07754e 100644 --- a/tests/guix-environment-container.sh +++ b/tests/guix-environment-container.sh @@ -230,7 +230,8 @@ storedir="`guile -c '(use-modules (guix config))(display %storedir)'`" localstatedir="`guile -c '(use-modules (guix config))(display %localstatedir)'`" NIX_STORE_DIR="$storedir" GUIX_DAEMON_SOCKET="$localstatedir/guix/daemon-socket/socket" -export NIX_STORE_DIR GUIX_DAEMON_SOCKET +GUIX_BUILD_OPTIONS="--timeout=180" # set an upper limit +export NIX_STORE_DIR GUIX_DAEMON_SOCKET GUIX_BUILD_OPTIONS if ! guile -c '(use-modules (guix)) (exit (false-if-exception (open-connection)))' then diff --git a/tests/guix-home.sh b/tests/guix-home.sh index b8d90196f1..76befed613 100644 --- a/tests/guix-home.sh +++ b/tests/guix-home.sh @@ -39,7 +39,8 @@ container_supported () localstatedir="$(guile -c '(use-modules (guix config))(display %localstatedir)')" NIX_STORE_DIR="$(guile -c '(use-modules (guix config))(display %storedir)')" GUIX_DAEMON_SOCKET="$localstatedir/guix/daemon-socket/socket" -export NIX_STORE_DIR GUIX_DAEMON_SOCKET +GUIX_BUILD_OPTIONS="--timeout=180" # set an upper limit +export NIX_STORE_DIR GUIX_DAEMON_SOCKET GUIX_BUILD_OPTIONS # Run tests only when a "real" daemon is available. if ! guile -c '(use-modules (guix)) (exit (false-if-exception (open-connection)))' diff --git a/tests/guix-pack-localstatedir.sh b/tests/guix-pack-localstatedir.sh index 042887ea9b..c9e13bbc87 100644 --- a/tests/guix-pack-localstatedir.sh +++ b/tests/guix-pack-localstatedir.sh @@ -31,7 +31,8 @@ storedir="`guile -c '(use-modules (guix config))(display %storedir)'`" localstatedir="`guile -c '(use-modules (guix config))(display %localstatedir)'`" NIX_STORE_DIR="$storedir" GUIX_DAEMON_SOCKET="$localstatedir/guix/daemon-socket/socket" -export NIX_STORE_DIR GUIX_DAEMON_SOCKET +GUIX_BUILD_OPTIONS="--timeout=180" # set an upper limit +export NIX_STORE_DIR GUIX_DAEMON_SOCKET GUIX_BUILD_OPTIONS if ! guile -c '(use-modules (guix)) (exit (false-if-exception (open-connection)))' then diff --git a/tests/guix-pack-relocatable.sh b/tests/guix-pack-relocatable.sh index aea02e16f6..228954bd9d 100644 --- a/tests/guix-pack-relocatable.sh +++ b/tests/guix-pack-relocatable.sh @@ -1,5 +1,5 @@ # GNU Guix --- Functional package management for GNU -# Copyright © 2018, 2019, 2020, 2023 Ludovic Courtès <ludo@gnu.org> +# Copyright © 2018-2020, 2023, 2025 Ludovic Courtès <ludo@gnu.org> # Copyright © 2020 Eric Bavier <bavier@posteo.net> # # This file is part of GNU Guix. @@ -32,7 +32,8 @@ storedir="`guile -c '(use-modules (guix config))(display %storedir)'`" localstatedir="`guile -c '(use-modules (guix config))(display %localstatedir)'`" NIX_STORE_DIR="$storedir" GUIX_DAEMON_SOCKET="$localstatedir/guix/daemon-socket/socket" -export NIX_STORE_DIR GUIX_DAEMON_SOCKET +GUIX_BUILD_OPTIONS="--timeout=180" +export NIX_STORE_DIR GUIX_DAEMON_SOCKET GUIX_BUILD_OPTIONS if ! guile -c '(use-modules (guix)) (exit (false-if-exception (open-connection)))' then |