@@ 1,1279 1,1710 @@
{
- "CVE_data_type" : "CVE",
- "CVE_data_format" : "MITRE",
- "CVE_data_version" : "4.0",
- "CVE_data_numberOfCVEs" : "9826",
- "CVE_data_timestamp" : "2019-10-17T07:00Z",
- "CVE_Items" : [ {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2019-0001",
- "ASSIGNER" : "cve@mitre.org"
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-400"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/106541",
- "name" : "106541",
- "refsource" : "BID",
- "tags" : [ "Third Party Advisory", "VDB Entry" ]
- }, {
- "url" : "https://kb.juniper.net/JSA10900",
- "name" : "https://kb.juniper.net/JSA10900",
- "refsource" : "CONFIRM",
- "tags" : [ "Vendor Advisory" ]
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:*:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:r1-s3:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:r1-s4:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
- "attackVector" : "NETWORK",
- "attackComplexity" : "HIGH",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "HIGH",
- "baseScore" : 5.9,
- "baseSeverity" : "MEDIUM"
- },
- "exploitabilityScore" : 2.2,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "COMPLETE",
- "baseScore" : 7.1
+ "resultsPerPage": 6,
+ "startIndex": 0,
+ "totalResults": 6,
+ "format": "NVD_CVE",
+ "version": "2.0",
+ "timestamp": "2025-08-23T03:01:35.4173588",
+ "vulnerabilities": [
+ {
+ "cve": {
+ "id": "CVE-2019-0001",
+ "sourceIdentifier": "sirt@juniper.net",
+ "published": "2019-01-15T21:29:00.760",
+ "lastModified": "2024-11-21T04:16:01.113",
+ "vulnStatus": "Modified",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2."
+ },
+ {
+ "lang": "es",
+ "value": "La recepción de un paquete mal formado en dispositivos MX Series con una configuración vlan dinámica puede desencadenar un bucle de recursión no controlado en el demonio de gestión de suscriptores Broadband Edge (bbe-smgd) y conducir a un alto uso de CPU y el cierre inesperado del servicio bbe-smgd. La recepción repetida del mismo paquete puede resultar en una condición de denegación de servicio (DoS) extendida para los dispositivos. Las versiones afectadas son Juniper Networks Junos OS: 16.1 en versiones anteriores a la 16.1R7-S1; 16.2 en versiones anteriores a la 16.2R2-S7; 17.1 en versiones anteriores a la 17.1R2-S10, 17.1R3; 17.2 en versiones anteriores a la 17.2R3; 17.3 en versiones anteriores a la 17.3R3-S1; 17.4 en versiones anteriores a la 17.4R2; 18.1 en versiones anteriores a la 18.1R3 y 18.2 en versiones anteriores a la 18.2R2."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "sirt@juniper.net",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
+ "baseScore": 7.1,
+ "accessVector": "NETWORK",
+ "accessComplexity": "MEDIUM",
+ "authentication": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "COMPLETE"
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 8.6,
+ "impactScore": 6.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
},
- "severity" : "HIGH",
- "exploitabilityScore" : 8.6,
- "impactScore" : 6.9,
- "acInsufInfo" : false,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
+ "weaknesses": [
+ {
+ "source": "sirt@juniper.net",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-674"
+ }
+ ]
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-674"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "258A380C-1EA0-407D-B7E3-4A2E8820119C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "BBE35BDC-7739-4854-8BB8-E8600603DE9D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "2DC47132-9EEA-4518-8F86-5CD231FBFB61"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*",
+ "matchCriteriaId": "CD5A30CE-9498-4007-8E66-FD0CC6CF1836"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*",
+ "matchCriteriaId": "07CD1E7C-24EA-46B7-964C-C78FF64AFAE6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r3-s11:*:*:*:*:*:*",
+ "matchCriteriaId": "8A457C57-4A36-433D-9473-5ABC091DF316"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*",
+ "matchCriteriaId": "6D3E38C1-808C-4BD3-993D-F30855F5390F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s12:*:*:*:*:*:*",
+ "matchCriteriaId": "C2AF9C4B-23E6-485D-A115-2B728E929C6A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "1FD11073-DC27-41F8-A6A2-7E22A062D14E"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "2A78389E-868C-422D-9AA3-8A672DF6C2AF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "85BFC22F-A6B3-4306-A28B-5D78FFA6402D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r4-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "99276E50-825C-4BB4-8496-1F81BDA21655"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*",
+ "matchCriteriaId": "72194CB7-FFDC-4897-9D6E-EA3459DDDEB5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r5-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "C88635DB-09B1-4DA1-8FC3-2F7A7E42819C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*",
+ "matchCriteriaId": "92F35C19-5AD2-4F98-8313-2E880714DF3B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r6-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "DF5A9D31-ED7D-4390-B46D-7E46089DB932"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "90B94472-0E32-48AD-A690-AABB2C53CA58"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*",
+ "matchCriteriaId": "6B4A4960-0241-4BF4-8857-8B7BE33466B6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "9677CE18-B955-432F-BA2B-AAE3D0CA0F16"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "3661BC68-6F32-447F-8D20-FD73FBBED9C6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "5B6097D4-3856-4696-9A26-5B6C0FD9AD6C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "84DD80BF-BF7E-447B-AA74-00B3D8036E36"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "57B89EEB-222D-46AA-BC8F-4EE7E17BA7B6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "ECAE613D-1317-4D2E-8A61-980CD5DEAED8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:16.2:r2-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "BAB2D63C-C966-42CA-85A9-09820D00A2D8"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.1:-:*:*:*:*:*:*",
+ "matchCriteriaId": "CC9B5CDE-3A50-4CD3-962A-FA0989939F37"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "7572C187-4D58-4E0D-A605-B2B13EFF5C6B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "E34A149E-C2ED-4D86-A105-0A2775654AE7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "4E0D42C4-9B4D-44F9-BC84-E7994404598B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "DE2C20D8-3C73-4B87-BA41-DBFBCA5FBA58"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "54D887B4-D2F4-4537-8298-B98D01396F12"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "1C1B5AE6-A323-4744-BCA1-25E46D2D27BB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "0AB39E2F-0D67-4FA6-84B8-36684E971002"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "A32C3702-48DE-47CF-B0D1-3A629676AD03"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "B9695B3E-FCDA-4DF0-B714-8B4F87AA647D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s8:*:*:*:*:*:*",
+ "matchCriteriaId": "36214C23-82C8-4A3E-9FF8-04F85FF8B2B7"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.1:r2-s9:*:*:*:*:*:*",
+ "matchCriteriaId": "F3778643-1684-4549-A764-A1909C14B4B3"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "BCEE8D9C-6D64-4A9B-A74A-57A0BF4086C6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "E889BF9C-BDDF-4A6A-97BB-00A097EF6D91"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "8BCF0612-AF16-4925-8E42-77734513F923"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "595987A6-D8CE-41ED-B51C-EF9CD3B47AD0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "7B5A2205-C40B-4746-9A23-1973433FF065"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "CFA3526C-FF53-4823-B6AC-0BA91BFB532D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "AA92B7F8-705B-410F-BDA3-7C28FF51967F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "9689695F-53EB-4B35-9072-750E7282B011"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:r1-s8:*:*:*:*:*:*",
+ "matchCriteriaId": "4F7CE683-5647-455B-936C-DF0D973A180A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "7D45F2C3-20FF-4A91-A440-E109B3CCE7C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s11:*:*:*:*:*:*",
+ "matchCriteriaId": "BA433E05-83F8-410D-AEB3-3A02BAB0BE0B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "B87ECEAD-FD18-4252-8D46-F281DD4125AC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.2:r2-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "C6788EE2-B0DA-470E-B72E-E8D5CCFB5259"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*",
+ "matchCriteriaId": "A283D32F-1CAF-4A5A-83E1-585F2801771F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "38A40E03-F915-4888-87B0-5950F75F097D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "C52E355B-DA7D-4FDE-B2D7-A3C3C9C99918"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*",
+ "matchCriteriaId": "69FC46D4-39E2-4E2F-A1D3-1001769A7115"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "32F83E8B-A816-4F26-95F8-F0DA7F3DF426"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "2C433359-BC8B-4E69-BE74-A31EB148083A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "BCA2976C-C84B-40D9-A806-588629BFFB13"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "A2C7B980-033E-40AC-98C9-B252733B0F43"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "BA8D32E4-1892-46DC-9782-5466A14E18D9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*",
+ "matchCriteriaId": "D1CAEBD2-2E46-44B5-B1D1-1DDBD450FD27"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*",
+ "matchCriteriaId": "A00CA6FB-8F28-4171-B510-8DBA351E80C0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "988D317A-0646-491F-9B97-853E8E208276"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*",
+ "matchCriteriaId": "605F1AD7-5B09-44F0-9017-15AB3EEE559C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*",
+ "matchCriteriaId": "CEDDCD30-2255-4FA9-B3E2-9E88AB6F8D80"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "4E4EB6B0-8DB2-4199-96E4-30195D49F756"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "204FC7B5-9CF2-4AC2-9B8D-DA48CAEA6496"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*",
+ "matchCriteriaId": "9D8A8E33-473A-4A40-A7B7-47086BB9012A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*",
+ "matchCriteriaId": "F0F65DCA-34B9-4CE8-91C9-426AAAEB4097"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*",
+ "matchCriteriaId": "A8B5BD93-3C11-45D5-ACF0-7C4C01106C8A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*",
+ "matchCriteriaId": "167EEC4F-729E-47C2-B0F8-E8108CE3E985"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*",
+ "matchCriteriaId": "A893CCE5-96B8-44A1-ABEF-6AB9B527B2FB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*",
+ "matchCriteriaId": "42203801-E2E7-4DCF-ABBB-D23A91B2A9FF"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*",
+ "matchCriteriaId": "238EC996-8E8C-4332-916F-09E54E6EBB9D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://www.securityfocus.com/bid/106541",
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
+ },
+ {
+ "url": "https://kb.juniper.net/JSA10900",
+ "source": "sirt@juniper.net",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/",
+ "source": "sirt@juniper.net"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/",
+ "source": "sirt@juniper.net"
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/106541",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
+ },
+ {
+ "url": "https://kb.juniper.net/JSA10900",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Vendor Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ }
+ ]
}
},
- "publishedDate" : "2019-01-15T21:29Z",
- "lastModifiedDate" : "2019-10-09T23:43Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2019-0005",
- "ASSIGNER" : "cve@mitre.org"
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-400"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/106665",
- "name" : "106665",
- "refsource" : "BID",
- "tags" : [ "Third Party Advisory" ]
- }, {
- "url" : "https://kb.juniper.net/JSA10905",
- "name" : "https://kb.juniper.net/JSA10905",
- "refsource" : "CONFIRM",
- "tags" : [ "Vendor Advisory" ]
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS on EX and QFX series;: 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R7; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 series; 15.1X53 versions prior to 15.1X53-D591 on EX2300/EX3400 series; 16.1 versions prior to 16.1R7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d30:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d40:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d42:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d43:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d44:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d45:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d46:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d210:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d230:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d234:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d55:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d57:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d58:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d59:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d590:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:gfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- }, {
- "operator" : "AND",
- "children" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.1:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.1:r1:*:*:*:*:*:*"
- } ]
- }, {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*"
- }, {
- "vulnerable" : false,
- "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*"
- } ]
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
- "attackVector" : "NETWORK",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "LOW",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.3,
- "baseSeverity" : "MEDIUM"
+ {
+ "cve": {
+ "id": "CVE-2019-1010204",
+ "sourceIdentifier": "josh@bress.net",
+ "published": "2019-07-23T14:15:13.373",
+ "lastModified": "2024-11-21T04:18:03.163",
+ "vulnStatus": "Modified",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened."
+ },
+ {
+ "lang": "es",
+ "value": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) está afectado por: Validación incorrecta de entrada, comparación firmada / sin firmar, lectura fuera de límites. El impacto es: Denegación de servicio. El componente es: gold / fileread.cc: 497, elfcpp / elfcpp_file.h: 644. El vector de ataque es: Se debe abrir un archivo ELF con un campo de encabezado e_shoff no válido."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
+ "baseScore": 4.3,
+ "accessVector": "NETWORK",
+ "accessComplexity": "MEDIUM",
+ "authentication": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.6,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": true
+ }
+ ]
},
- "exploitabilityScore" : 3.9,
- "impactScore" : 1.4
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
- "accessVector" : "NETWORK",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "NONE",
- "baseScore" : 5.0
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 10.0,
- "impactScore" : 2.9,
- "acInsufInfo" : false,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2019-01-15T21:29Z",
- "lastModifiedDate" : "2019-02-14T18:40Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2019-14811",
- "ASSIGNER" : "cve@mitre.org"
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-264"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html",
- "name" : "openSUSE-SU-2019:2223",
- "refsource" : "SUSE",
- "tags" : [ ]
- }, {
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html",
- "name" : "openSUSE-SU-2019:2222",
- "refsource" : "SUSE",
- "tags" : [ ]
- }, {
- "url" : "https://access.redhat.com/errata/RHBA-2019:2824",
- "name" : "RHBA-2019:2824",
- "refsource" : "REDHAT",
- "tags" : [ ]
- }, {
- "url" : "https://access.redhat.com/errata/RHSA-2019:2594",
- "name" : "RHSA-2019:2594",
- "refsource" : "REDHAT",
- "tags" : [ ]
- }, {
- "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811",
- "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811",
- "refsource" : "CONFIRM",
- "tags" : [ "Exploit", "Issue Tracking", "Mitigation", "Patch", "Third Party Advisory" ]
- }, {
- "url" : "https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html",
- "name" : "[debian-lts-announce] 20190909 [SECURITY] [DLA 1915-1] ghostscript security update",
- "refsource" : "MLIST",
- "tags" : [ ]
- }, {
- "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/",
- "name" : "FEDORA-2019-ebd6c4f15a",
- "refsource" : "FEDORA",
- "tags" : [ ]
- }, {
- "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/",
- "name" : "FEDORA-2019-0a9d525d71",
- "refsource" : "FEDORA",
- "tags" : [ ]
- }, {
- "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/",
- "name" : "FEDORA-2019-953fc0f16d",
- "refsource" : "FEDORA",
- "tags" : [ ]
- }, {
- "url" : "https://seclists.org/bugtraq/2019/Sep/15",
- "name" : "20190910 [SECURITY] [DSA 4518-1] ghostscript security update",
- "refsource" : "BUGTRAQ",
- "tags" : [ ]
- }, {
- "url" : "https://www.debian.org/security/2019/dsa-4518",
- "name" : "DSA-4518",
- "refsource" : "DEBIAN",
- "tags" : [ ]
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
- } ]
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-681"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "2.21",
+ "versionEndIncluding": "2.31.1",
+ "matchCriteriaId": "B1BF4DF3-4D96-4488-A1F7-38A7AF5DC725"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gnu:binutils_gold:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "1.11",
+ "versionEndIncluding": "1.16",
+ "matchCriteriaId": "52A4DA53-C77B-4E9E-94E3-D7F63C44A2F6"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20190822-0001/",
+ "source": "josh@bress.net",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
+ "source": "josh@bress.net",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://support.f5.com/csp/article/K05032915?utm_source=f5support&%3Butm_medium=RSS",
+ "source": "josh@bress.net"
+ },
+ {
+ "url": "https://security.netapp.com/advisory/ntap-20190822-0001/",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://support.f5.com/csp/article/K05032915?utm_source=f5support&%3Butm_medium=RSS",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ }
+ ]
}
},
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
- "versionEndExcluding" : "9.28"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
+ {
+ "cve": {
+ "id": "CVE-2019-1010180",
+ "sourceIdentifier": "josh@bress.net",
+ "published": "2019-07-24T13:15:10.997",
+ "lastModified": "2024-11-21T04:18:01.790",
+ "vulnStatus": "Modified",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet."
+ },
+ {
+ "lang": "es",
+ "value": "GNU gdb Todas las versiones se ven afectadas por: Desbordamiento de búfer - Acceso a memoria fuera de enlace. El impacto es: Denegación de servicio, Divulgación de memoria y Posible ejecución de código. El componente es: El módulo principal de gdb. El vector de ataque es: Abra un ELF para la depuración. La versión arregladas es: Aún no está arreglada."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+ "baseScore": 6.8,
+ "accessVector": "NETWORK",
+ "accessComplexity": "MEDIUM",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.6,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": true
+ }
+ ]
},
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 6.8
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 6.4,
- "acInsufInfo" : false,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2019-09-03T16:15Z",
- "lastModifiedDate" : "2019-09-10T03:15Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2019-17365",
- "ASSIGNER" : "cve@mitre.org"
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-276"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.openwall.com/lists/oss-security/2019/10/09/4",
- "name" : "http://www.openwall.com/lists/oss-security/2019/10/09/4",
- "refsource" : "MISC",
- "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ]
- }, {
- "url" : "http://www.openwall.com/lists/oss-security/2019/10/10/1",
- "name" : "[oss-security] 20191010 Re: CVE-2019-17365: Nix per-user profile directory hijack",
- "refsource" : "MLIST",
- "tags" : [ "Third Party Advisory" ]
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable."
- } ]
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "9.1",
+ "matchCriteriaId": "2855B0DE-972E-4536-9D6E-3C57C4253177"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html",
+ "source": "josh@bress.net",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html",
+ "source": "josh@bress.net",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html",
+ "source": "josh@bress.net",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html",
+ "source": "josh@bress.net",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/109367",
+ "source": "josh@bress.net",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202003-31",
+ "source": "josh@bress.net",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23657",
+ "source": "josh@bress.net",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.securityfocus.com/bid/109367",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory",
+ "VDB Entry"
+ ]
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202003-31",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23657",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ }
+ ]
}
},
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
- "versionEndIncluding" : "2.3"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.1",
- "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "LOW",
- "userInteraction" : "NONE",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
- "accessVector" : "LOCAL",
- "accessComplexity" : "LOW",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 4.6
+ {
+ "cve": {
+ "id": "CVE-2019-14811",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2019-09-03T16:15:11.573",
+ "lastModified": "2024-11-21T04:27:24.480",
+ "vulnStatus": "Modified",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
+ },
+ {
+ "lang": "es",
+ "value": "Se detecto un defecto en, ghostscript en versiones anteriores a la 9.50, en el procedimiento .pdf_hook_DSC_Creator donde no aseguró adecuadamente sus llamadas privilegiadas, permitiendo que los scripts omitieran las restricciones `-dSAFER`. Un archivo PostScript especialmente diseñado podría deshabilitar la protección de seguridad y luego tener acceso al sistema de archivos o ejecutar comandos arbitrarios."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV30": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
+ "baseScore": 6.8,
+ "accessVector": "NETWORK",
+ "accessComplexity": "MEDIUM",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.6,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": true
+ }
+ ]
},
- "severity" : "MEDIUM",
- "exploitabilityScore" : 3.9,
- "impactScore" : 6.4,
- "acInsufInfo" : false,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : false
- }
- },
- "publishedDate" : "2019-10-09T22:15Z",
- "lastModifiedDate" : "2019-10-11T13:19Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2019-1010180",
- "ASSIGNER" : "cve@mitre.org"
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-119"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.securityfocus.com/bid/109367",
- "name" : "109367",
- "refsource" : "BID",
- "tags" : [ "Third Party Advisory", "VDB Entry" ]
- }, {
- "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23657",
- "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23657",
- "refsource" : "MISC",
- "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet."
- } ]
+ "weaknesses": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-648"
+ }
+ ]
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "9.50",
+ "matchCriteriaId": "1F129EB4-EEB2-46F1-8DAA-E016D7EE1356"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
+ "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
+ "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHBA-2019:2824",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2019:2594",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Mitigation",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://seclists.org/bugtraq/2019/Sep/15",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202004-03",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.debian.org/security/2019/dsa-4518",
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHBA-2019:2824",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2019:2594",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Mitigation",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/",
+ "source": "af854a3a-2127-422b-91ae-364da2661108"
+ },
+ {
+ "url": "https://seclists.org/bugtraq/2019/Sep/15",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://security.gentoo.org/glsa/202004-03",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://www.debian.org/security/2019/dsa-4518",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Third Party Advisory"
+ ]
+ }
+ ]
}
},
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "HIGH",
- "integrityImpact" : "HIGH",
- "availabilityImpact" : "HIGH",
- "baseScore" : 7.8,
- "baseSeverity" : "HIGH"
- },
- "exploitabilityScore" : 1.8,
- "impactScore" : 5.9
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "PARTIAL",
- "integrityImpact" : "PARTIAL",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 6.8
+ {
+ "cve": {
+ "id": "CVE-2019-17365",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2019-10-09T22:15:10.670",
+ "lastModified": "2025-01-15T14:29:23.370",
+ "vulnStatus": "Modified",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable."
+ },
+ {
+ "lang": "es",
+ "value": "Nix versiones hasta 2.3, permite a usuarios locales conseguir acceso a la cuenta de un usuario arbitrario porque el directorio principal de los directorios de perfil de usuario son de tipo world writable."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+ "baseScore": 4.6,
+ "accessVector": "LOCAL",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
},
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 6.4,
- "acInsufInfo" : false,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
- }
- },
- "publishedDate" : "2019-07-24T13:15Z",
- "lastModifiedDate" : "2019-08-01T15:39Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2019-1010204",
- "ASSIGNER" : "cve@mitre.org"
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ {
- "lang" : "en",
- "value" : "CWE-125"
- }, {
- "lang" : "en",
- "value" : "CWE-20"
- } ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "https://security.netapp.com/advisory/ntap-20190822-0001/",
- "name" : "https://security.netapp.com/advisory/ntap-20190822-0001/",
- "refsource" : "CONFIRM",
- "tags" : [ ]
- }, {
- "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
- "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
- "refsource" : "MISC",
- "tags" : [ "Issue Tracking", "Third Party Advisory" ]
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened."
- } ]
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-276"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2.3",
+ "matchCriteriaId": "41CBEDE7-C5CA-4533-8F81-940E20658FDF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/09/4",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/10/1",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/09/4",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Exploit",
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/10/1",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
+ }
+ ]
}
},
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ {
- "operator" : "OR",
- "cpe_match" : [ {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "2.21",
- "versionEndIncluding" : "2.31.1"
- }, {
- "vulnerable" : true,
- "cpe23Uri" : "cpe:2.3:a:gnu:binutils_gold:*:*:*:*:*:*:*:*",
- "versionStartIncluding" : "1.11",
- "versionEndIncluding" : "1.16"
- } ]
- } ]
- },
- "impact" : {
- "baseMetricV3" : {
- "cvssV3" : {
- "version" : "3.0",
- "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
- "attackVector" : "LOCAL",
- "attackComplexity" : "LOW",
- "privilegesRequired" : "NONE",
- "userInteraction" : "REQUIRED",
- "scope" : "UNCHANGED",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "HIGH",
- "baseScore" : 5.5,
- "baseSeverity" : "MEDIUM"
+ {
+ "cve": {
+ "id": "CVE-2019-18192",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2019-10-17T20:15:12.707",
+ "lastModified": "2024-11-21T04:32:47.937",
+ "vulnStatus": "Modified",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365."
+ },
+ {
+ "lang": "es",
+ "value": "GNU Guix versión 1.0.1, permite a los usuarios locales conseguir acceso a la cuenta de un usuario arbitrario porque el directorio principal de los directorios de perfil de usuario son escribibles por todo el mundo, un problema similar a CVE-2019-17365."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+ "baseScore": 4.6,
+ "accessVector": "LOCAL",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
},
- "exploitabilityScore" : 1.8,
- "impactScore" : 3.6
- },
- "baseMetricV2" : {
- "cvssV2" : {
- "version" : "2.0",
- "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
- "accessVector" : "NETWORK",
- "accessComplexity" : "MEDIUM",
- "authentication" : "NONE",
- "confidentialityImpact" : "NONE",
- "integrityImpact" : "NONE",
- "availabilityImpact" : "PARTIAL",
- "baseScore" : 4.3
- },
- "severity" : "MEDIUM",
- "exploitabilityScore" : 8.6,
- "impactScore" : 2.9,
- "acInsufInfo" : false,
- "obtainAllPrivilege" : false,
- "obtainUserPrivilege" : false,
- "obtainOtherPrivilege" : false,
- "userInteractionRequired" : true
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:gnu:guix:1.0.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EBA9DBA1-9FDE-48F6-ACEB-8D9BFA91A4EE"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://issues.guix.gnu.org/issue/37744",
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/17/3",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Mailing List",
+ "Patch",
+ "Third Party Advisory"
+ ]
+ },
+ {
+ "url": "https://issues.guix.gnu.org/issue/37744",
+ "source": "af854a3a-2127-422b-91ae-364da2661108",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Third Party Advisory"
+ ]
+ }
+ ]
}
- },
- "publishedDate" : "2019-07-23T14:15Z",
- "lastModifiedDate" : "2019-08-22T07:15Z"
- }, {
- "cve" : {
- "data_type" : "CVE",
- "data_format" : "MITRE",
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ID" : "CVE-2019-18192",
- "ASSIGNER" : "cve@mitre.org"
- },
- "problemtype" : {
- "problemtype_data" : [ {
- "description" : [ ]
- } ]
- },
- "references" : {
- "reference_data" : [ {
- "url" : "http://www.openwall.com/lists/oss-security/2019/10/17/3",
- "name" : "[oss-security] 20191017 CVE-2019-18192: Insecure permissions on Guix profile directory",
- "refsource" : "MLIST",
- "tags" : [ ]
- }, {
- "url" : "https://issues.guix.gnu.org/issue/37744",
- "name" : "https://issues.guix.gnu.org/issue/37744",
- "refsource" : "MISC",
- "tags" : [ ]
- } ]
- },
- "description" : {
- "description_data" : [ {
- "lang" : "en",
- "value" : "GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365."
- } ]
- }
- },
- "configurations" : {
- "CVE_data_version" : "4.0",
- "nodes" : [ ]
- },
- "impact" : { },
- "publishedDate" : "2019-10-17T20:15Z",
- "lastModifiedDate" : "2019-10-17T20:29Z"
- } ]
+ }
+ ]
}