Commit | Line | Data |
---|---|---|
74afaa37 LC |
1 | { |
2 | "CVE_data_type" : "CVE", | |
3 | "CVE_data_format" : "MITRE", | |
4 | "CVE_data_version" : "4.0", | |
5 | "CVE_data_numberOfCVEs" : "9826", | |
6 | "CVE_data_timestamp" : "2019-10-17T07:00Z", | |
7 | "CVE_Items" : [ { | |
8 | "cve" : { | |
9 | "data_type" : "CVE", | |
10 | "data_format" : "MITRE", | |
11 | "data_version" : "4.0", | |
12 | "CVE_data_meta" : { | |
13 | "ID" : "CVE-2019-0001", | |
14 | "ASSIGNER" : "cve@mitre.org" | |
15 | }, | |
16 | "problemtype" : { | |
17 | "problemtype_data" : [ { | |
18 | "description" : [ { | |
19 | "lang" : "en", | |
20 | "value" : "CWE-400" | |
21 | } ] | |
22 | } ] | |
23 | }, | |
24 | "references" : { | |
25 | "reference_data" : [ { | |
26 | "url" : "http://www.securityfocus.com/bid/106541", | |
27 | "name" : "106541", | |
28 | "refsource" : "BID", | |
29 | "tags" : [ "Third Party Advisory", "VDB Entry" ] | |
30 | }, { | |
31 | "url" : "https://kb.juniper.net/JSA10900", | |
32 | "name" : "https://kb.juniper.net/JSA10900", | |
33 | "refsource" : "CONFIRM", | |
34 | "tags" : [ "Vendor Advisory" ] | |
35 | } ] | |
36 | }, | |
37 | "description" : { | |
38 | "description_data" : [ { | |
39 | "lang" : "en", | |
40 | "value" : "Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2." | |
41 | } ] | |
42 | } | |
43 | }, | |
44 | "configurations" : { | |
45 | "CVE_data_version" : "4.0", | |
46 | "nodes" : [ { | |
47 | "operator" : "OR", | |
48 | "cpe_match" : [ { | |
49 | "vulnerable" : true, | |
50 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*" | |
51 | } ] | |
52 | }, { | |
53 | "operator" : "OR", | |
54 | "cpe_match" : [ { | |
55 | "vulnerable" : true, | |
56 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.2:*:*:*:*:*:*:*" | |
57 | } ] | |
58 | }, { | |
59 | "operator" : "OR", | |
60 | "cpe_match" : [ { | |
61 | "vulnerable" : true, | |
62 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*" | |
63 | }, { | |
64 | "vulnerable" : true, | |
65 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*" | |
66 | }, { | |
67 | "vulnerable" : true, | |
68 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*" | |
69 | } ] | |
70 | }, { | |
71 | "operator" : "OR", | |
72 | "cpe_match" : [ { | |
73 | "vulnerable" : true, | |
74 | "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:*:*:*:*:*:*:*" | |
75 | }, { | |
76 | "vulnerable" : true, | |
77 | "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:r1-s3:*:*:*:*:*:*" | |
78 | }, { | |
79 | "vulnerable" : true, | |
80 | "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.2:r1-s4:*:*:*:*:*:*" | |
81 | } ] | |
82 | } ] | |
83 | }, | |
84 | "impact" : { | |
85 | "baseMetricV3" : { | |
86 | "cvssV3" : { | |
87 | "version" : "3.0", | |
88 | "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", | |
89 | "attackVector" : "NETWORK", | |
90 | "attackComplexity" : "HIGH", | |
91 | "privilegesRequired" : "NONE", | |
92 | "userInteraction" : "NONE", | |
93 | "scope" : "UNCHANGED", | |
94 | "confidentialityImpact" : "NONE", | |
95 | "integrityImpact" : "NONE", | |
96 | "availabilityImpact" : "HIGH", | |
97 | "baseScore" : 5.9, | |
98 | "baseSeverity" : "MEDIUM" | |
99 | }, | |
100 | "exploitabilityScore" : 2.2, | |
101 | "impactScore" : 3.6 | |
102 | }, | |
103 | "baseMetricV2" : { | |
104 | "cvssV2" : { | |
105 | "version" : "2.0", | |
106 | "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C", | |
107 | "accessVector" : "NETWORK", | |
108 | "accessComplexity" : "MEDIUM", | |
109 | "authentication" : "NONE", | |
110 | "confidentialityImpact" : "NONE", | |
111 | "integrityImpact" : "NONE", | |
112 | "availabilityImpact" : "COMPLETE", | |
113 | "baseScore" : 7.1 | |
114 | }, | |
115 | "severity" : "HIGH", | |
116 | "exploitabilityScore" : 8.6, | |
117 | "impactScore" : 6.9, | |
118 | "acInsufInfo" : false, | |
119 | "obtainAllPrivilege" : false, | |
120 | "obtainUserPrivilege" : false, | |
121 | "obtainOtherPrivilege" : false, | |
122 | "userInteractionRequired" : false | |
123 | } | |
124 | }, | |
125 | "publishedDate" : "2019-01-15T21:29Z", | |
126 | "lastModifiedDate" : "2019-10-09T23:43Z" | |
127 | }, { | |
128 | "cve" : { | |
129 | "data_type" : "CVE", | |
130 | "data_format" : "MITRE", | |
131 | "data_version" : "4.0", | |
132 | "CVE_data_meta" : { | |
133 | "ID" : "CVE-2019-0005", | |
134 | "ASSIGNER" : "cve@mitre.org" | |
135 | }, | |
136 | "problemtype" : { | |
137 | "problemtype_data" : [ { | |
138 | "description" : [ { | |
139 | "lang" : "en", | |
140 | "value" : "CWE-400" | |
141 | } ] | |
142 | } ] | |
143 | }, | |
144 | "references" : { | |
145 | "reference_data" : [ { | |
146 | "url" : "http://www.securityfocus.com/bid/106665", | |
147 | "name" : "106665", | |
148 | "refsource" : "BID", | |
149 | "tags" : [ "Third Party Advisory" ] | |
150 | }, { | |
151 | "url" : "https://kb.juniper.net/JSA10905", | |
152 | "name" : "https://kb.juniper.net/JSA10905", | |
153 | "refsource" : "CONFIRM", | |
154 | "tags" : [ "Vendor Advisory" ] | |
155 | } ] | |
156 | }, | |
157 | "description" : { | |
158 | "description_data" : [ { | |
159 | "lang" : "en", | |
160 | "value" : "On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS on EX and QFX series: 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R7; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 series; 15.1X53 versions prior to 15.1X53-D591 on EX2300/EX3400 series; 16.1 versions prior to 16.1R7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2." | |
161 | } ] | |
162 | } | |
163 | }, | |
164 | "configurations" : { | |
165 | "CVE_data_version" : "4.0", | |
166 | "nodes" : [ { | |
167 | "operator" : "AND", | |
168 | "children" : [ { | |
169 | "operator" : "OR", | |
170 | "cpe_match" : [ { | |
171 | "vulnerable" : true, | |
172 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:*:*:*:*:*:*:*" | |
173 | }, { | |
174 | "vulnerable" : true, | |
175 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d10:*:*:*:*:*:*" | |
176 | }, { | |
177 | "vulnerable" : true, | |
178 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d15:*:*:*:*:*:*" | |
179 | }, { | |
180 | "vulnerable" : true, | |
181 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d16:*:*:*:*:*:*" | |
182 | }, { | |
183 | "vulnerable" : true, | |
184 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d25:*:*:*:*:*:*" | |
185 | }, { | |
186 | "vulnerable" : true, | |
187 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d26:*:*:*:*:*:*" | |
188 | }, { | |
189 | "vulnerable" : true, | |
190 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d27:*:*:*:*:*:*" | |
191 | }, { | |
192 | "vulnerable" : true, | |
193 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d30:*:*:*:*:*:*" | |
194 | }, { | |
195 | "vulnerable" : true, | |
196 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d35:*:*:*:*:*:*" | |
197 | }, { | |
198 | "vulnerable" : true, | |
199 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d40:*:*:*:*:*:*" | |
200 | }, { | |
201 | "vulnerable" : true, | |
202 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d42:*:*:*:*:*:*" | |
203 | }, { | |
204 | "vulnerable" : true, | |
205 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d43:*:*:*:*:*:*" | |
206 | }, { | |
207 | "vulnerable" : true, | |
208 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d44:*:*:*:*:*:*" | |
209 | }, { | |
210 | "vulnerable" : true, | |
211 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d45:*:*:*:*:*:*" | |
212 | }, { | |
213 | "vulnerable" : true, | |
214 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:14.1x53:d46:*:*:*:*:*:*" | |
215 | } ] | |
216 | }, { | |
217 | "operator" : "OR", | |
218 | "cpe_match" : [ { | |
219 | "vulnerable" : false, | |
220 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" | |
221 | }, { | |
222 | "vulnerable" : false, | |
223 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" | |
224 | }, { | |
225 | "vulnerable" : false, | |
226 | "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" | |
227 | }, { | |
228 | "vulnerable" : false, | |
229 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" | |
230 | }, { | |
231 | "vulnerable" : false, | |
232 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" | |
233 | }, { | |
234 | "vulnerable" : false, | |
235 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" | |
236 | }, { | |
237 | "vulnerable" : false, | |
238 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" | |
239 | }, { | |
240 | "vulnerable" : false, | |
241 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" | |
242 | }, { | |
243 | "vulnerable" : false, | |
244 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" | |
245 | }, { | |
246 | "vulnerable" : false, | |
247 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" | |
248 | }, { | |
249 | "vulnerable" : false, | |
250 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" | |
251 | }, { | |
252 | "vulnerable" : false, | |
253 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" | |
254 | } ] | |
255 | } ] | |
256 | }, { | |
257 | "operator" : "AND", | |
258 | "children" : [ { | |
259 | "operator" : "OR", | |
260 | "cpe_match" : [ { | |
261 | "vulnerable" : true, | |
262 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:*:*:*:*:*:*:*" | |
263 | }, { | |
264 | "vulnerable" : true, | |
265 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r1:*:*:*:*:*:*" | |
266 | }, { | |
267 | "vulnerable" : true, | |
268 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r2:*:*:*:*:*:*" | |
269 | }, { | |
270 | "vulnerable" : true, | |
271 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r3:*:*:*:*:*:*" | |
272 | }, { | |
273 | "vulnerable" : true, | |
274 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r4:*:*:*:*:*:*" | |
275 | }, { | |
276 | "vulnerable" : true, | |
277 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r5:*:*:*:*:*:*" | |
278 | }, { | |
279 | "vulnerable" : true, | |
280 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1:r6:*:*:*:*:*:*" | |
281 | } ] | |
282 | }, { | |
283 | "operator" : "OR", | |
284 | "cpe_match" : [ { | |
285 | "vulnerable" : false, | |
286 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" | |
287 | }, { | |
288 | "vulnerable" : false, | |
289 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" | |
290 | }, { | |
291 | "vulnerable" : false, | |
292 | "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" | |
293 | }, { | |
294 | "vulnerable" : false, | |
295 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" | |
296 | }, { | |
297 | "vulnerable" : false, | |
298 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" | |
299 | }, { | |
300 | "vulnerable" : false, | |
301 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" | |
302 | }, { | |
303 | "vulnerable" : false, | |
304 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" | |
305 | }, { | |
306 | "vulnerable" : false, | |
307 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" | |
308 | }, { | |
309 | "vulnerable" : false, | |
310 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" | |
311 | }, { | |
312 | "vulnerable" : false, | |
313 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" | |
314 | }, { | |
315 | "vulnerable" : false, | |
316 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" | |
317 | }, { | |
318 | "vulnerable" : false, | |
319 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" | |
320 | } ] | |
321 | } ] | |
322 | }, { | |
323 | "operator" : "AND", | |
324 | "children" : [ { | |
325 | "operator" : "OR", | |
326 | "cpe_match" : [ { | |
327 | "vulnerable" : true, | |
328 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:*:*:*:*:*:*:*" | |
329 | }, { | |
330 | "vulnerable" : true, | |
331 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*" | |
332 | }, { | |
333 | "vulnerable" : true, | |
334 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*" | |
335 | }, { | |
336 | "vulnerable" : true, | |
337 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*" | |
338 | }, { | |
339 | "vulnerable" : true, | |
340 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*" | |
341 | }, { | |
342 | "vulnerable" : true, | |
343 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*" | |
344 | }, { | |
345 | "vulnerable" : true, | |
346 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*" | |
347 | }, { | |
348 | "vulnerable" : true, | |
349 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*" | |
350 | }, { | |
351 | "vulnerable" : true, | |
352 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*" | |
353 | }, { | |
354 | "vulnerable" : true, | |
355 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*" | |
356 | } ] | |
357 | }, { | |
358 | "operator" : "OR", | |
359 | "cpe_match" : [ { | |
360 | "vulnerable" : false, | |
361 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" | |
362 | }, { | |
363 | "vulnerable" : false, | |
364 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" | |
365 | } ] | |
366 | } ] | |
367 | }, { | |
368 | "operator" : "AND", | |
369 | "children" : [ { | |
370 | "operator" : "OR", | |
371 | "cpe_match" : [ { | |
372 | "vulnerable" : true, | |
373 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:*:*:*:*:*:*:*" | |
374 | }, { | |
375 | "vulnerable" : true, | |
376 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d20:*:*:*:*:*:*" | |
377 | }, { | |
378 | "vulnerable" : true, | |
379 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d21:*:*:*:*:*:*" | |
380 | }, { | |
381 | "vulnerable" : true, | |
382 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d210:*:*:*:*:*:*" | |
383 | }, { | |
384 | "vulnerable" : true, | |
385 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d230:*:*:*:*:*:*" | |
386 | }, { | |
387 | "vulnerable" : true, | |
388 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d234:*:*:*:*:*:*" | |
389 | }, { | |
390 | "vulnerable" : true, | |
391 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d30:*:*:*:*:*:*" | |
392 | }, { | |
393 | "vulnerable" : true, | |
394 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d32:*:*:*:*:*:*" | |
395 | }, { | |
396 | "vulnerable" : true, | |
397 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d33:*:*:*:*:*:*" | |
398 | }, { | |
399 | "vulnerable" : true, | |
400 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d34:*:*:*:*:*:*" | |
401 | }, { | |
402 | "vulnerable" : true, | |
403 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d50:*:*:*:*:*:*" | |
404 | }, { | |
405 | "vulnerable" : true, | |
406 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d51:*:*:*:*:*:*" | |
407 | }, { | |
408 | "vulnerable" : true, | |
409 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d52:*:*:*:*:*:*" | |
410 | }, { | |
411 | "vulnerable" : true, | |
412 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d55:*:*:*:*:*:*" | |
413 | }, { | |
414 | "vulnerable" : true, | |
415 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d57:*:*:*:*:*:*" | |
416 | }, { | |
417 | "vulnerable" : true, | |
418 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d58:*:*:*:*:*:*" | |
419 | }, { | |
420 | "vulnerable" : true, | |
421 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d59:*:*:*:*:*:*" | |
422 | }, { | |
423 | "vulnerable" : true, | |
424 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:15.1x53:d590:*:*:*:*:*:*" | |
425 | } ] | |
426 | }, { | |
427 | "operator" : "OR", | |
428 | "cpe_match" : [ { | |
429 | "vulnerable" : false, | |
430 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" | |
431 | }, { | |
432 | "vulnerable" : false, | |
433 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" | |
434 | } ] | |
435 | } ] | |
436 | }, { | |
437 | "operator" : "AND", | |
438 | "children" : [ { | |
439 | "operator" : "OR", | |
440 | "cpe_match" : [ { | |
441 | "vulnerable" : true, | |
442 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:*:*:*:*:*:*:*" | |
443 | }, { | |
444 | "vulnerable" : true, | |
445 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*" | |
446 | }, { | |
447 | "vulnerable" : true, | |
448 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*" | |
449 | }, { | |
450 | "vulnerable" : true, | |
451 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*" | |
452 | }, { | |
453 | "vulnerable" : true, | |
454 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*" | |
455 | }, { | |
456 | "vulnerable" : true, | |
457 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*" | |
458 | }, { | |
459 | "vulnerable" : true, | |
460 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*" | |
461 | }, { | |
462 | "vulnerable" : true, | |
463 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*" | |
464 | }, { | |
465 | "vulnerable" : true, | |
466 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*" | |
467 | }, { | |
468 | "vulnerable" : true, | |
469 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*" | |
470 | } ] | |
471 | }, { | |
472 | "operator" : "OR", | |
473 | "cpe_match" : [ { | |
474 | "vulnerable" : false, | |
475 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" | |
476 | }, { | |
477 | "vulnerable" : false, | |
478 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" | |
479 | }, { | |
480 | "vulnerable" : false, | |
481 | "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" | |
482 | }, { | |
483 | "vulnerable" : false, | |
484 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" | |
485 | }, { | |
486 | "vulnerable" : false, | |
487 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" | |
488 | }, { | |
489 | "vulnerable" : false, | |
490 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" | |
491 | }, { | |
492 | "vulnerable" : false, | |
493 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" | |
494 | }, { | |
495 | "vulnerable" : false, | |
496 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" | |
497 | }, { | |
498 | "vulnerable" : false, | |
499 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" | |
500 | }, { | |
501 | "vulnerable" : false, | |
502 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" | |
503 | }, { | |
504 | "vulnerable" : false, | |
505 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" | |
506 | }, { | |
507 | "vulnerable" : false, | |
508 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" | |
509 | } ] | |
510 | } ] | |
511 | }, { | |
512 | "operator" : "AND", | |
513 | "children" : [ { | |
514 | "operator" : "OR", | |
515 | "cpe_match" : [ { | |
516 | "vulnerable" : true, | |
517 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:*:*:*:*:*:*:*" | |
518 | }, { | |
519 | "vulnerable" : true, | |
520 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*" | |
521 | } ] | |
522 | }, { | |
523 | "operator" : "OR", | |
524 | "cpe_match" : [ { | |
525 | "vulnerable" : false, | |
526 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" | |
527 | }, { | |
528 | "vulnerable" : false, | |
529 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" | |
530 | }, { | |
531 | "vulnerable" : false, | |
532 | "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" | |
533 | }, { | |
534 | "vulnerable" : false, | |
535 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" | |
536 | }, { | |
537 | "vulnerable" : false, | |
538 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" | |
539 | }, { | |
540 | "vulnerable" : false, | |
541 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" | |
542 | }, { | |
543 | "vulnerable" : false, | |
544 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" | |
545 | }, { | |
546 | "vulnerable" : false, | |
547 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" | |
548 | }, { | |
549 | "vulnerable" : false, | |
550 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" | |
551 | }, { | |
552 | "vulnerable" : false, | |
553 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" | |
554 | }, { | |
555 | "vulnerable" : false, | |
556 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" | |
557 | }, { | |
558 | "vulnerable" : false, | |
559 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" | |
560 | } ] | |
561 | } ] | |
562 | }, { | |
563 | "operator" : "AND", | |
564 | "children" : [ { | |
565 | "operator" : "OR", | |
566 | "cpe_match" : [ { | |
567 | "vulnerable" : true, | |
568 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:*:*:*:*:*:*:*" | |
569 | }, { | |
570 | "vulnerable" : true, | |
571 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*" | |
572 | }, { | |
573 | "vulnerable" : true, | |
574 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*" | |
575 | }, { | |
576 | "vulnerable" : true, | |
577 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*" | |
578 | } ] | |
579 | }, { | |
580 | "operator" : "OR", | |
581 | "cpe_match" : [ { | |
582 | "vulnerable" : false, | |
583 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" | |
584 | }, { | |
585 | "vulnerable" : false, | |
586 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" | |
587 | }, { | |
588 | "vulnerable" : false, | |
589 | "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" | |
590 | }, { | |
591 | "vulnerable" : false, | |
592 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" | |
593 | }, { | |
594 | "vulnerable" : false, | |
595 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" | |
596 | }, { | |
597 | "vulnerable" : false, | |
598 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" | |
599 | }, { | |
600 | "vulnerable" : false, | |
601 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" | |
602 | }, { | |
603 | "vulnerable" : false, | |
604 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" | |
605 | }, { | |
606 | "vulnerable" : false, | |
607 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" | |
608 | }, { | |
609 | "vulnerable" : false, | |
610 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" | |
611 | }, { | |
612 | "vulnerable" : false, | |
613 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" | |
614 | }, { | |
615 | "vulnerable" : false, | |
616 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" | |
617 | } ] | |
618 | } ] | |
619 | }, { | |
620 | "operator" : "AND", | |
621 | "children" : [ { | |
622 | "operator" : "OR", | |
623 | "cpe_match" : [ { | |
624 | "vulnerable" : true, | |
625 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:*:*:*:*:*:*:*" | |
626 | }, { | |
627 | "vulnerable" : true, | |
628 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*" | |
629 | }, { | |
630 | "vulnerable" : true, | |
631 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*" | |
632 | } ] | |
633 | }, { | |
634 | "operator" : "OR", | |
635 | "cpe_match" : [ { | |
636 | "vulnerable" : false, | |
637 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" | |
638 | }, { | |
639 | "vulnerable" : false, | |
640 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" | |
641 | }, { | |
642 | "vulnerable" : false, | |
643 | "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" | |
644 | }, { | |
645 | "vulnerable" : false, | |
646 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" | |
647 | }, { | |
648 | "vulnerable" : false, | |
649 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" | |
650 | }, { | |
651 | "vulnerable" : false, | |
652 | "cpe23Uri" : "cpe:2.3:h:juniper:gfx3600:-:*:*:*:*:*:*:*" | |
653 | }, { | |
654 | "vulnerable" : false, | |
655 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" | |
656 | }, { | |
657 | "vulnerable" : false, | |
658 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" | |
659 | }, { | |
660 | "vulnerable" : false, | |
661 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" | |
662 | }, { | |
663 | "vulnerable" : false, | |
664 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" | |
665 | }, { | |
666 | "vulnerable" : false, | |
667 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" | |
668 | }, { | |
669 | "vulnerable" : false, | |
670 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" | |
671 | } ] | |
672 | } ] | |
673 | }, { | |
674 | "operator" : "AND", | |
675 | "children" : [ { | |
676 | "operator" : "OR", | |
677 | "cpe_match" : [ { | |
678 | "vulnerable" : true, | |
679 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:*:*:*:*:*:*:*" | |
680 | }, { | |
681 | "vulnerable" : true, | |
682 | "cpe23Uri" : "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*" | |
683 | } ] | |
684 | }, { | |
685 | "operator" : "OR", | |
686 | "cpe_match" : [ { | |
687 | "vulnerable" : false, | |
688 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" | |
689 | }, { | |
690 | "vulnerable" : false, | |
691 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" | |
692 | }, { | |
693 | "vulnerable" : false, | |
694 | "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" | |
695 | }, { | |
696 | "vulnerable" : false, | |
697 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" | |
698 | }, { | |
699 | "vulnerable" : false, | |
700 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" | |
701 | }, { | |
702 | "vulnerable" : false, | |
703 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" | |
704 | }, { | |
705 | "vulnerable" : false, | |
706 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" | |
707 | }, { | |
708 | "vulnerable" : false, | |
709 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" | |
710 | }, { | |
711 | "vulnerable" : false, | |
712 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" | |
713 | }, { | |
714 | "vulnerable" : false, | |
715 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" | |
716 | }, { | |
717 | "vulnerable" : false, | |
718 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" | |
719 | }, { | |
720 | "vulnerable" : false, | |
721 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" | |
722 | } ] | |
723 | } ] | |
724 | }, { | |
725 | "operator" : "AND", | |
726 | "children" : [ { | |
727 | "operator" : "OR", | |
728 | "cpe_match" : [ { | |
729 | "vulnerable" : true, | |
730 | "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.1:*:*:*:*:*:*:*" | |
731 | }, { | |
732 | "vulnerable" : true, | |
733 | "cpe23Uri" : "cpe:2.3:a:juniper:junos:18.1:r1:*:*:*:*:*:*" | |
734 | } ] | |
735 | }, { | |
736 | "operator" : "OR", | |
737 | "cpe_match" : [ { | |
738 | "vulnerable" : false, | |
739 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300:-:*:*:*:*:*:*:*" | |
740 | }, { | |
741 | "vulnerable" : false, | |
742 | "cpe23Uri" : "cpe:2.3:h:juniper:ex2300-c:-:*:*:*:*:*:*:*" | |
743 | }, { | |
744 | "vulnerable" : false, | |
745 | "cpe23Uri" : "cpe:2.3:h:juniper:ex3400:-:*:*:*:*:*:*:*" | |
746 | }, { | |
747 | "vulnerable" : false, | |
748 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4600:-:*:*:*:*:*:*:*" | |
749 | }, { | |
750 | "vulnerable" : false, | |
751 | "cpe23Uri" : "cpe:2.3:h:juniper:ex4650:-:*:*:*:*:*:*:*" | |
752 | }, { | |
753 | "vulnerable" : false, | |
754 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx3500:-:*:*:*:*:*:*:*" | |
755 | }, { | |
756 | "vulnerable" : false, | |
757 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx3600:-:*:*:*:*:*:*:*" | |
758 | }, { | |
759 | "vulnerable" : false, | |
760 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5100:-:*:*:*:*:*:*:*" | |
761 | }, { | |
762 | "vulnerable" : false, | |
763 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5110:-:*:*:*:*:*:*:*" | |
764 | }, { | |
765 | "vulnerable" : false, | |
766 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5120:-:*:*:*:*:*:*:*" | |
767 | }, { | |
768 | "vulnerable" : false, | |
769 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5200:-:*:*:*:*:*:*:*" | |
770 | }, { | |
771 | "vulnerable" : false, | |
772 | "cpe23Uri" : "cpe:2.3:h:juniper:qfx5210:-:*:*:*:*:*:*:*" | |
773 | } ] | |
774 | } ] | |
775 | } ] | |
776 | }, | |
777 | "impact" : { | |
778 | "baseMetricV3" : { | |
779 | "cvssV3" : { | |
780 | "version" : "3.0", | |
781 | "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", | |
782 | "attackVector" : "NETWORK", | |
783 | "attackComplexity" : "LOW", | |
784 | "privilegesRequired" : "NONE", | |
785 | "userInteraction" : "NONE", | |
786 | "scope" : "UNCHANGED", | |
787 | "confidentialityImpact" : "NONE", | |
788 | "integrityImpact" : "LOW", | |
789 | "availabilityImpact" : "NONE", | |
790 | "baseScore" : 5.3, | |
791 | "baseSeverity" : "MEDIUM" | |
792 | }, | |
793 | "exploitabilityScore" : 3.9, | |
794 | "impactScore" : 1.4 | |
795 | }, | |
796 | "baseMetricV2" : { | |
797 | "cvssV2" : { | |
798 | "version" : "2.0", | |
799 | "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", | |
800 | "accessVector" : "NETWORK", | |
801 | "accessComplexity" : "LOW", | |
802 | "authentication" : "NONE", | |
803 | "confidentialityImpact" : "NONE", | |
804 | "integrityImpact" : "PARTIAL", | |
805 | "availabilityImpact" : "NONE", | |
806 | "baseScore" : 5.0 | |
807 | }, | |
808 | "severity" : "MEDIUM", | |
809 | "exploitabilityScore" : 10.0, | |
810 | "impactScore" : 2.9, | |
811 | "acInsufInfo" : false, | |
812 | "obtainAllPrivilege" : false, | |
813 | "obtainUserPrivilege" : false, | |
814 | "obtainOtherPrivilege" : false, | |
815 | "userInteractionRequired" : false | |
816 | } | |
817 | }, | |
818 | "publishedDate" : "2019-01-15T21:29Z", | |
819 | "lastModifiedDate" : "2019-02-14T18:40Z" | |
820 | }, { | |
821 | "cve" : { | |
822 | "data_type" : "CVE", | |
823 | "data_format" : "MITRE", | |
824 | "data_version" : "4.0", | |
825 | "CVE_data_meta" : { | |
826 | "ID" : "CVE-2019-14811", | |
827 | "ASSIGNER" : "cve@mitre.org" | |
828 | }, | |
829 | "problemtype" : { | |
830 | "problemtype_data" : [ { | |
831 | "description" : [ { | |
832 | "lang" : "en", | |
833 | "value" : "CWE-264" | |
834 | } ] | |
835 | } ] | |
836 | }, | |
837 | "references" : { | |
838 | "reference_data" : [ { | |
839 | "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html", | |
840 | "name" : "openSUSE-SU-2019:2223", | |
841 | "refsource" : "SUSE", | |
842 | "tags" : [ ] | |
843 | }, { | |
844 | "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html", | |
845 | "name" : "openSUSE-SU-2019:2222", | |
846 | "refsource" : "SUSE", | |
847 | "tags" : [ ] | |
848 | }, { | |
849 | "url" : "https://access.redhat.com/errata/RHBA-2019:2824", | |
850 | "name" : "RHBA-2019:2824", | |
851 | "refsource" : "REDHAT", | |
852 | "tags" : [ ] | |
853 | }, { | |
854 | "url" : "https://access.redhat.com/errata/RHSA-2019:2594", | |
855 | "name" : "RHSA-2019:2594", | |
856 | "refsource" : "REDHAT", | |
857 | "tags" : [ ] | |
858 | }, { | |
859 | "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811", | |
860 | "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811", | |
861 | "refsource" : "CONFIRM", | |
862 | "tags" : [ "Exploit", "Issue Tracking", "Mitigation", "Patch", "Third Party Advisory" ] | |
863 | }, { | |
864 | "url" : "https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html", | |
865 | "name" : "[debian-lts-announce] 20190909 [SECURITY] [DLA 1915-1] ghostscript security update", | |
866 | "refsource" : "MLIST", | |
867 | "tags" : [ ] | |
868 | }, { | |
869 | "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/", | |
870 | "name" : "FEDORA-2019-ebd6c4f15a", | |
871 | "refsource" : "FEDORA", | |
872 | "tags" : [ ] | |
873 | }, { | |
874 | "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/", | |
875 | "name" : "FEDORA-2019-0a9d525d71", | |
876 | "refsource" : "FEDORA", | |
877 | "tags" : [ ] | |
878 | }, { | |
879 | "url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/", | |
880 | "name" : "FEDORA-2019-953fc0f16d", | |
881 | "refsource" : "FEDORA", | |
882 | "tags" : [ ] | |
883 | }, { | |
884 | "url" : "https://seclists.org/bugtraq/2019/Sep/15", | |
885 | "name" : "20190910 [SECURITY] [DSA 4518-1] ghostscript security update", | |
886 | "refsource" : "BUGTRAQ", | |
887 | "tags" : [ ] | |
888 | }, { | |
889 | "url" : "https://www.debian.org/security/2019/dsa-4518", | |
890 | "name" : "DSA-4518", | |
891 | "refsource" : "DEBIAN", | |
892 | "tags" : [ ] | |
893 | } ] | |
894 | }, | |
895 | "description" : { | |
896 | "description_data" : [ { | |
897 | "lang" : "en", | |
898 | "value" : "A flaw was found in ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands." | |
899 | } ] | |
900 | } | |
901 | }, | |
902 | "configurations" : { | |
903 | "CVE_data_version" : "4.0", | |
904 | "nodes" : [ { | |
905 | "operator" : "OR", | |
906 | "cpe_match" : [ { | |
907 | "vulnerable" : true, | |
908 | "cpe23Uri" : "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*", | |
909 | "versionEndExcluding" : "9.28" | |
910 | } ] | |
911 | } ] | |
912 | }, | |
913 | "impact" : { | |
914 | "baseMetricV3" : { | |
915 | "cvssV3" : { | |
916 | "version" : "3.0", | |
917 | "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", | |
918 | "attackVector" : "LOCAL", | |
919 | "attackComplexity" : "LOW", | |
920 | "privilegesRequired" : "NONE", | |
921 | "userInteraction" : "REQUIRED", | |
922 | "scope" : "UNCHANGED", | |
923 | "confidentialityImpact" : "HIGH", | |
924 | "integrityImpact" : "HIGH", | |
925 | "availabilityImpact" : "HIGH", | |
926 | "baseScore" : 7.8, | |
927 | "baseSeverity" : "HIGH" | |
928 | }, | |
929 | "exploitabilityScore" : 1.8, | |
930 | "impactScore" : 5.9 | |
931 | }, | |
932 | "baseMetricV2" : { | |
933 | "cvssV2" : { | |
934 | "version" : "2.0", | |
935 | "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", | |
936 | "accessVector" : "NETWORK", | |
937 | "accessComplexity" : "MEDIUM", | |
938 | "authentication" : "NONE", | |
939 | "confidentialityImpact" : "PARTIAL", | |
940 | "integrityImpact" : "PARTIAL", | |
941 | "availabilityImpact" : "PARTIAL", | |
942 | "baseScore" : 6.8 | |
943 | }, | |
944 | "severity" : "MEDIUM", | |
945 | "exploitabilityScore" : 8.6, | |
946 | "impactScore" : 6.4, | |
947 | "acInsufInfo" : false, | |
948 | "obtainAllPrivilege" : false, | |
949 | "obtainUserPrivilege" : false, | |
950 | "obtainOtherPrivilege" : false, | |
951 | "userInteractionRequired" : true | |
952 | } | |
953 | }, | |
954 | "publishedDate" : "2019-09-03T16:15Z", | |
955 | "lastModifiedDate" : "2019-09-10T03:15Z" | |
956 | }, { | |
957 | "cve" : { | |
958 | "data_type" : "CVE", | |
959 | "data_format" : "MITRE", | |
960 | "data_version" : "4.0", | |
961 | "CVE_data_meta" : { | |
962 | "ID" : "CVE-2019-17365", | |
963 | "ASSIGNER" : "cve@mitre.org" | |
964 | }, | |
965 | "problemtype" : { | |
966 | "problemtype_data" : [ { | |
967 | "description" : [ { | |
968 | "lang" : "en", | |
969 | "value" : "CWE-276" | |
970 | } ] | |
971 | } ] | |
972 | }, | |
973 | "references" : { | |
974 | "reference_data" : [ { | |
975 | "url" : "http://www.openwall.com/lists/oss-security/2019/10/09/4", | |
976 | "name" : "http://www.openwall.com/lists/oss-security/2019/10/09/4", | |
977 | "refsource" : "MISC", | |
978 | "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] | |
979 | }, { | |
980 | "url" : "http://www.openwall.com/lists/oss-security/2019/10/10/1", | |
981 | "name" : "[oss-security] 20191010 Re: CVE-2019-17365: Nix per-user profile directory hijack", | |
982 | "refsource" : "MLIST", | |
983 | "tags" : [ "Third Party Advisory" ] | |
984 | } ] | |
985 | }, | |
986 | "description" : { | |
987 | "description_data" : [ { | |
988 | "lang" : "en", | |
989 | "value" : "Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable." | |
990 | } ] | |
991 | } | |
992 | }, | |
993 | "configurations" : { | |
994 | "CVE_data_version" : "4.0", | |
995 | "nodes" : [ { | |
996 | "operator" : "OR", | |
997 | "cpe_match" : [ { | |
998 | "vulnerable" : true, | |
999 | "cpe23Uri" : "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*", | |
1000 | "versionEndIncluding" : "2.3" | |
1001 | } ] | |
1002 | } ] | |
1003 | }, | |
1004 | "impact" : { | |
1005 | "baseMetricV3" : { | |
1006 | "cvssV3" : { | |
1007 | "version" : "3.1", | |
1008 | "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", | |
1009 | "attackVector" : "LOCAL", | |
1010 | "attackComplexity" : "LOW", | |
1011 | "privilegesRequired" : "LOW", | |
1012 | "userInteraction" : "NONE", | |
1013 | "scope" : "UNCHANGED", | |
1014 | "confidentialityImpact" : "HIGH", | |
1015 | "integrityImpact" : "HIGH", | |
1016 | "availabilityImpact" : "HIGH", | |
1017 | "baseScore" : 7.8, | |
1018 | "baseSeverity" : "HIGH" | |
1019 | }, | |
1020 | "exploitabilityScore" : 1.8, | |
1021 | "impactScore" : 5.9 | |
1022 | }, | |
1023 | "baseMetricV2" : { | |
1024 | "cvssV2" : { | |
1025 | "version" : "2.0", | |
1026 | "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", | |
1027 | "accessVector" : "LOCAL", | |
1028 | "accessComplexity" : "LOW", | |
1029 | "authentication" : "NONE", | |
1030 | "confidentialityImpact" : "PARTIAL", | |
1031 | "integrityImpact" : "PARTIAL", | |
1032 | "availabilityImpact" : "PARTIAL", | |
1033 | "baseScore" : 4.6 | |
1034 | }, | |
1035 | "severity" : "MEDIUM", | |
1036 | "exploitabilityScore" : 3.9, | |
1037 | "impactScore" : 6.4, | |
1038 | "acInsufInfo" : false, | |
1039 | "obtainAllPrivilege" : false, | |
1040 | "obtainUserPrivilege" : false, | |
1041 | "obtainOtherPrivilege" : false, | |
1042 | "userInteractionRequired" : false | |
1043 | } | |
1044 | }, | |
1045 | "publishedDate" : "2019-10-09T22:15Z", | |
1046 | "lastModifiedDate" : "2019-10-11T13:19Z" | |
1047 | }, { | |
1048 | "cve" : { | |
1049 | "data_type" : "CVE", | |
1050 | "data_format" : "MITRE", | |
1051 | "data_version" : "4.0", | |
1052 | "CVE_data_meta" : { | |
1053 | "ID" : "CVE-2019-1010180", | |
1054 | "ASSIGNER" : "cve@mitre.org" | |
1055 | }, | |
1056 | "problemtype" : { | |
1057 | "problemtype_data" : [ { | |
1058 | "description" : [ { | |
1059 | "lang" : "en", | |
1060 | "value" : "CWE-119" | |
1061 | } ] | |
1062 | } ] | |
1063 | }, | |
1064 | "references" : { | |
1065 | "reference_data" : [ { | |
1066 | "url" : "http://www.securityfocus.com/bid/109367", | |
1067 | "name" : "109367", | |
1068 | "refsource" : "BID", | |
1069 | "tags" : [ "Third Party Advisory", "VDB Entry" ] | |
1070 | }, { | |
1071 | "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", | |
1072 | "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23657", | |
1073 | "refsource" : "MISC", | |
1074 | "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] | |
1075 | } ] | |
1076 | }, | |
1077 | "description" : { | |
1078 | "description_data" : [ { | |
1079 | "lang" : "en", | |
1080 | "value" : "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Denial of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet." | |
1081 | } ] | |
1082 | } | |
1083 | }, | |
1084 | "configurations" : { | |
1085 | "CVE_data_version" : "4.0", | |
1086 | "nodes" : [ { | |
1087 | "operator" : "OR", | |
1088 | "cpe_match" : [ { | |
1089 | "vulnerable" : true, | |
1090 | "cpe23Uri" : "cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*" | |
1091 | } ] | |
1092 | } ] | |
1093 | }, | |
1094 | "impact" : { | |
1095 | "baseMetricV3" : { | |
1096 | "cvssV3" : { | |
1097 | "version" : "3.0", | |
1098 | "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", | |
1099 | "attackVector" : "LOCAL", | |
1100 | "attackComplexity" : "LOW", | |
1101 | "privilegesRequired" : "NONE", | |
1102 | "userInteraction" : "REQUIRED", | |
1103 | "scope" : "UNCHANGED", | |
1104 | "confidentialityImpact" : "HIGH", | |
1105 | "integrityImpact" : "HIGH", | |
1106 | "availabilityImpact" : "HIGH", | |
1107 | "baseScore" : 7.8, | |
1108 | "baseSeverity" : "HIGH" | |
1109 | }, | |
1110 | "exploitabilityScore" : 1.8, | |
1111 | "impactScore" : 5.9 | |
1112 | }, | |
1113 | "baseMetricV2" : { | |
1114 | "cvssV2" : { | |
1115 | "version" : "2.0", | |
1116 | "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", | |
1117 | "accessVector" : "NETWORK", | |
1118 | "accessComplexity" : "MEDIUM", | |
1119 | "authentication" : "NONE", | |
1120 | "confidentialityImpact" : "PARTIAL", | |
1121 | "integrityImpact" : "PARTIAL", | |
1122 | "availabilityImpact" : "PARTIAL", | |
1123 | "baseScore" : 6.8 | |
1124 | }, | |
1125 | "severity" : "MEDIUM", | |
1126 | "exploitabilityScore" : 8.6, | |
1127 | "impactScore" : 6.4, | |
1128 | "acInsufInfo" : false, | |
1129 | "obtainAllPrivilege" : false, | |
1130 | "obtainUserPrivilege" : false, | |
1131 | "obtainOtherPrivilege" : false, | |
1132 | "userInteractionRequired" : true | |
1133 | } | |
1134 | }, | |
1135 | "publishedDate" : "2019-07-24T13:15Z", | |
1136 | "lastModifiedDate" : "2019-08-01T15:39Z" | |
1137 | }, { | |
1138 | "cve" : { | |
1139 | "data_type" : "CVE", | |
1140 | "data_format" : "MITRE", | |
1141 | "data_version" : "4.0", | |
1142 | "CVE_data_meta" : { | |
1143 | "ID" : "CVE-2019-1010204", | |
1144 | "ASSIGNER" : "cve@mitre.org" | |
1145 | }, | |
1146 | "problemtype" : { | |
1147 | "problemtype_data" : [ { | |
1148 | "description" : [ { | |
1149 | "lang" : "en", | |
1150 | "value" : "CWE-125" | |
1151 | }, { | |
1152 | "lang" : "en", | |
1153 | "value" : "CWE-20" | |
1154 | } ] | |
1155 | } ] | |
1156 | }, | |
1157 | "references" : { | |
1158 | "reference_data" : [ { | |
1159 | "url" : "https://security.netapp.com/advisory/ntap-20190822-0001/", | |
1160 | "name" : "https://security.netapp.com/advisory/ntap-20190822-0001/", | |
1161 | "refsource" : "CONFIRM", | |
1162 | "tags" : [ ] | |
1163 | }, { | |
1164 | "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23765", | |
1165 | "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23765", | |
1166 | "refsource" : "MISC", | |
1167 | "tags" : [ "Issue Tracking", "Third Party Advisory" ] | |
1168 | } ] | |
1169 | }, | |
1170 | "description" : { | |
1171 | "description_data" : [ { | |
1172 | "lang" : "en", | |
1173 | "value" : "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened." | |
1174 | } ] | |
1175 | } | |
1176 | }, | |
1177 | "configurations" : { | |
1178 | "CVE_data_version" : "4.0", | |
1179 | "nodes" : [ { | |
1180 | "operator" : "OR", | |
1181 | "cpe_match" : [ { | |
1182 | "vulnerable" : true, | |
1183 | "cpe23Uri" : "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", | |
1184 | "versionStartIncluding" : "2.21", | |
1185 | "versionEndIncluding" : "2.31.1" | |
1186 | }, { | |
1187 | "vulnerable" : true, | |
1188 | "cpe23Uri" : "cpe:2.3:a:gnu:binutils_gold:*:*:*:*:*:*:*:*", | |
1189 | "versionStartIncluding" : "1.11", | |
1190 | "versionEndIncluding" : "1.16" | |
1191 | } ] | |
1192 | } ] | |
1193 | }, | |
1194 | "impact" : { | |
1195 | "baseMetricV3" : { | |
1196 | "cvssV3" : { | |
1197 | "version" : "3.0", | |
1198 | "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", | |
1199 | "attackVector" : "LOCAL", | |
1200 | "attackComplexity" : "LOW", | |
1201 | "privilegesRequired" : "NONE", | |
1202 | "userInteraction" : "REQUIRED", | |
1203 | "scope" : "UNCHANGED", | |
1204 | "confidentialityImpact" : "NONE", | |
1205 | "integrityImpact" : "NONE", | |
1206 | "availabilityImpact" : "HIGH", | |
1207 | "baseScore" : 5.5, | |
1208 | "baseSeverity" : "MEDIUM" | |
1209 | }, | |
1210 | "exploitabilityScore" : 1.8, | |
1211 | "impactScore" : 3.6 | |
1212 | }, | |
1213 | "baseMetricV2" : { | |
1214 | "cvssV2" : { | |
1215 | "version" : "2.0", | |
1216 | "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", | |
1217 | "accessVector" : "NETWORK", | |
1218 | "accessComplexity" : "MEDIUM", | |
1219 | "authentication" : "NONE", | |
1220 | "confidentialityImpact" : "NONE", | |
1221 | "integrityImpact" : "NONE", | |
1222 | "availabilityImpact" : "PARTIAL", | |
1223 | "baseScore" : 4.3 | |
1224 | }, | |
1225 | "severity" : "MEDIUM", | |
1226 | "exploitabilityScore" : 8.6, | |
1227 | "impactScore" : 2.9, | |
1228 | "acInsufInfo" : false, | |
1229 | "obtainAllPrivilege" : false, | |
1230 | "obtainUserPrivilege" : false, | |
1231 | "obtainOtherPrivilege" : false, | |
1232 | "userInteractionRequired" : true | |
1233 | } | |
1234 | }, | |
1235 | "publishedDate" : "2019-07-23T14:15Z", | |
1236 | "lastModifiedDate" : "2019-08-22T07:15Z" | |
1237 | }, { | |
1238 | "cve" : { | |
1239 | "data_type" : "CVE", | |
1240 | "data_format" : "MITRE", | |
1241 | "data_version" : "4.0", | |
1242 | "CVE_data_meta" : { | |
1243 | "ID" : "CVE-2019-18192", | |
1244 | "ASSIGNER" : "cve@mitre.org" | |
1245 | }, | |
1246 | "problemtype" : { | |
1247 | "problemtype_data" : [ { | |
1248 | "description" : [ ] | |
1249 | } ] | |
1250 | }, | |
1251 | "references" : { | |
1252 | "reference_data" : [ { | |
1253 | "url" : "http://www.openwall.com/lists/oss-security/2019/10/17/3", | |
1254 | "name" : "[oss-security] 20191017 CVE-2019-18192: Insecure permissions on Guix profile directory", | |
1255 | "refsource" : "MLIST", | |
1256 | "tags" : [ ] | |
1257 | }, { | |
1258 | "url" : "https://issues.guix.gnu.org/issue/37744", | |
1259 | "name" : "https://issues.guix.gnu.org/issue/37744", | |
1260 | "refsource" : "MISC", | |
1261 | "tags" : [ ] | |
1262 | } ] | |
1263 | }, | |
1264 | "description" : { | |
1265 | "description_data" : [ { | |
1266 | "lang" : "en", | |
1267 | "value" : "GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365." | |
1268 | } ] | |
1269 | } | |
1270 | }, | |
1271 | "configurations" : { | |
1272 | "CVE_data_version" : "4.0", | |
1273 | "nodes" : [ ] | |
1274 | }, | |
1275 | "impact" : { }, | |
1276 | "publishedDate" : "2019-10-17T20:15Z", | |
1277 | "lastModifiedDate" : "2019-10-17T20:29Z" | |
1278 | } ] | |
1279 | } |