cve: Rewrite to read the JSON feed instead of the XML feed.
The XML feed was discontinued on Oct. 16th, 2019:
<https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement-Phase-3>
* guix/cve.scm (string->date*): New procedure.
(<cve-item>, <cve>, <cve-reference>): New record types.
(cpe-match->cve-configuration, configuration-data->cve-configurations)
(json->cve-items, version-matches?): New procedures.
(yearly-feed-uri): Change URL to refer to JSON feed.
(cpe->product-alist, %parse-vulnerability-feed)
(xml->vulnerabilities): Remove.
(cve-configuration->package-list, merge-package-lists)
(cve-item->vulnerability, json->vulnerabilities): New procedures.
(write-cache): Use 'json->vulnerabilities' instead of
'xml->vulnerabilities', and remove 'parameterize'.
(vulnerabilities->lookup-proc): Use 'version-matches?' when VERSION is
true.
* tests/cve.scm (%sample): Use 'tests/cve-sample.json'.
(%expected-vulnerabilities): Rewrite accordingly.
("json->cve-items", "cve-item-published-date")
("json->vulnerabilities"): New tests.
("xml->vulnerabilities"): Remove.
("vulnerabilities->lookup-proc"): Adjust to new vulnerabilities.
* tests/cve-sample.json: New file.
* tests/cve-sample.xml: Remove.
* Makefile.am (EXTRA_DIST): Adjust accordingly.
* doc/guix.texi (Invoking guix lint): Update nist.gov URLs.
2019-10-20 22:10:00 +02:00
{
2025-08-26 13:17:16 +02:00
"resultsPerPage" : 6 ,
"startIndex" : 0 ,
"totalResults" : 6 ,
"format" : "NVD_CVE" ,
"version" : "2.0" ,
"timestamp" : "2025-08-23T03:01:35.4173588" ,
"vulnerabilities" : [
{
"cve" : {
"id" : "CVE-2019-0001" ,
"sourceIdentifier" : "sirt@juniper.net" ,
"published" : "2019-01-15T21:29:00.760" ,
"lastModified" : "2024-11-21T04:16:01.113" ,
"vulnStatus" : "Modified" ,
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2."
} ,
{
"lang" : "es" ,
"value" : "La recepción de un paquete mal formado en dispositivos MX Series con una configuración vlan dinámica puede desencadenar un bucle de recursión no controlado en el demonio de gestión de suscriptores Broadband Edge (bbe-smgd) y conducir a un alto uso de CPU y el cierre inesperado del servicio bbe-smgd. La recepción repetida del mismo paquete puede resultar en una condición de denegación de servicio (DoS) extendida para los dispositivos. Las versiones afectadas son Juniper Networks Junos OS: 16.1 en versiones anteriores a la 16.1R7-S1; 16.2 en versiones anteriores a la 16.2R2-S7; 17.1 en versiones anteriores a la 17.1R2-S10, 17.1R3; 17.2 en versiones anteriores a la 17.2R3; 17.3 en versiones anteriores a la 17.3R3-S1; 17.4 en versiones anteriores a la 17.4R2; 18.1 en versiones anteriores a la 18.1R3 y 18.2 en versiones anteriores a la 18.2R2."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" ,
"baseScore" : 7.5 ,
"baseSeverity" : "HIGH" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "HIGH"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 3.6
}
] ,
"cvssMetricV30" : [
{
"source" : "sirt@juniper.net" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.0" ,
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" ,
"baseScore" : 7.5 ,
"baseSeverity" : "HIGH" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "HIGH"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 3.6
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C" ,
"baseScore" : 7.1 ,
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "COMPLETE"
} ,
"baseSeverity" : "HIGH" ,
"exploitabilityScore" : 8.6 ,
"impactScore" : 6.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "sirt@juniper.net" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-674"
}
]
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-674"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "258A380C-1EA0-407D-B7E3-4A2E8820119C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r1:*:*:*:*:*:*" ,
"matchCriteriaId" : "BBE35BDC-7739-4854-8BB8-E8600603DE9D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r2:*:*:*:*:*:*" ,
"matchCriteriaId" : "2DC47132-9EEA-4518-8F86-5CD231FBFB61"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r3:*:*:*:*:*:*" ,
"matchCriteriaId" : "CD5A30CE-9498-4007-8E66-FD0CC6CF1836"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r3-s10:*:*:*:*:*:*" ,
"matchCriteriaId" : "07CD1E7C-24EA-46B7-964C-C78FF64AFAE6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r3-s11:*:*:*:*:*:*" ,
"matchCriteriaId" : "8A457C57-4A36-433D-9473-5ABC091DF316"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r4:*:*:*:*:*:*" ,
"matchCriteriaId" : "6D3E38C1-808C-4BD3-993D-F30855F5390F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r4-s12:*:*:*:*:*:*" ,
"matchCriteriaId" : "C2AF9C4B-23E6-485D-A115-2B728E929C6A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r4-s2:*:*:*:*:*:*" ,
"matchCriteriaId" : "1FD11073-DC27-41F8-A6A2-7E22A062D14E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r4-s3:*:*:*:*:*:*" ,
"matchCriteriaId" : "2A78389E-868C-422D-9AA3-8A672DF6C2AF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r4-s4:*:*:*:*:*:*" ,
"matchCriteriaId" : "85BFC22F-A6B3-4306-A28B-5D78FFA6402D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r4-s6:*:*:*:*:*:*" ,
"matchCriteriaId" : "99276E50-825C-4BB4-8496-1F81BDA21655"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r5:*:*:*:*:*:*" ,
"matchCriteriaId" : "72194CB7-FFDC-4897-9D6E-EA3459DDDEB5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r5-s4:*:*:*:*:*:*" ,
"matchCriteriaId" : "C88635DB-09B1-4DA1-8FC3-2F7A7E42819C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r6:*:*:*:*:*:*" ,
"matchCriteriaId" : "92F35C19-5AD2-4F98-8313-2E880714DF3B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r6-s1:*:*:*:*:*:*" ,
"matchCriteriaId" : "DF5A9D31-ED7D-4390-B46D-7E46089DB932"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r6-s6:*:*:*:*:*:*" ,
"matchCriteriaId" : "90B94472-0E32-48AD-A690-AABB2C53CA58"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.1:r7:*:*:*:*:*:*" ,
"matchCriteriaId" : "6B4A4960-0241-4BF4-8857-8B7BE33466B6"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.2:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "9677CE18-B955-432F-BA2B-AAE3D0CA0F16"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.2:r1:*:*:*:*:*:*" ,
"matchCriteriaId" : "3661BC68-6F32-447F-8D20-FD73FBBED9C6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.2:r2:*:*:*:*:*:*" ,
"matchCriteriaId" : "5B6097D4-3856-4696-9A26-5B6C0FD9AD6C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.2:r2-s1:*:*:*:*:*:*" ,
"matchCriteriaId" : "84DD80BF-BF7E-447B-AA74-00B3D8036E36"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.2:r2-s2:*:*:*:*:*:*" ,
"matchCriteriaId" : "57B89EEB-222D-46AA-BC8F-4EE7E17BA7B6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.2:r2-s5:*:*:*:*:*:*" ,
"matchCriteriaId" : "ECAE613D-1317-4D2E-8A61-980CD5DEAED8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:16.2:r2-s6:*:*:*:*:*:*" ,
"matchCriteriaId" : "BAB2D63C-C966-42CA-85A9-09820D00A2D8"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.1:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "CC9B5CDE-3A50-4CD3-962A-FA0989939F37"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.1:r1:*:*:*:*:*:*" ,
"matchCriteriaId" : "7572C187-4D58-4E0D-A605-B2B13EFF5C6B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.1:r2:*:*:*:*:*:*" ,
"matchCriteriaId" : "E34A149E-C2ED-4D86-A105-0A2775654AE7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.1:r2-s1:*:*:*:*:*:*" ,
"matchCriteriaId" : "4E0D42C4-9B4D-44F9-BC84-E7994404598B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.1:r2-s2:*:*:*:*:*:*" ,
"matchCriteriaId" : "DE2C20D8-3C73-4B87-BA41-DBFBCA5FBA58"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.1:r2-s3:*:*:*:*:*:*" ,
"matchCriteriaId" : "54D887B4-D2F4-4537-8298-B98D01396F12"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.1:r2-s4:*:*:*:*:*:*" ,
"matchCriteriaId" : "1C1B5AE6-A323-4744-BCA1-25E46D2D27BB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.1:r2-s5:*:*:*:*:*:*" ,
"matchCriteriaId" : "0AB39E2F-0D67-4FA6-84B8-36684E971002"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.1:r2-s6:*:*:*:*:*:*" ,
"matchCriteriaId" : "A32C3702-48DE-47CF-B0D1-3A629676AD03"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.1:r2-s7:*:*:*:*:*:*" ,
"matchCriteriaId" : "B9695B3E-FCDA-4DF0-B714-8B4F87AA647D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.1:r2-s8:*:*:*:*:*:*" ,
"matchCriteriaId" : "36214C23-82C8-4A3E-9FF8-04F85FF8B2B7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.1:r2-s9:*:*:*:*:*:*" ,
"matchCriteriaId" : "F3778643-1684-4549-A764-A1909C14B4B3"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.2:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "BCEE8D9C-6D64-4A9B-A74A-57A0BF4086C6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.2:r1:*:*:*:*:*:*" ,
"matchCriteriaId" : "E889BF9C-BDDF-4A6A-97BB-00A097EF6D91"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.2:r1-s1:*:*:*:*:*:*" ,
"matchCriteriaId" : "8BCF0612-AF16-4925-8E42-77734513F923"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.2:r1-s2:*:*:*:*:*:*" ,
"matchCriteriaId" : "595987A6-D8CE-41ED-B51C-EF9CD3B47AD0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.2:r1-s3:*:*:*:*:*:*" ,
"matchCriteriaId" : "7B5A2205-C40B-4746-9A23-1973433FF065"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.2:r1-s4:*:*:*:*:*:*" ,
"matchCriteriaId" : "CFA3526C-FF53-4823-B6AC-0BA91BFB532D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.2:r1-s5:*:*:*:*:*:*" ,
"matchCriteriaId" : "AA92B7F8-705B-410F-BDA3-7C28FF51967F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.2:r1-s7:*:*:*:*:*:*" ,
"matchCriteriaId" : "9689695F-53EB-4B35-9072-750E7282B011"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.2:r1-s8:*:*:*:*:*:*" ,
"matchCriteriaId" : "4F7CE683-5647-455B-936C-DF0D973A180A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.2:r2:*:*:*:*:*:*" ,
"matchCriteriaId" : "7D45F2C3-20FF-4A91-A440-E109B3CCE7C9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.2:r2-s11:*:*:*:*:*:*" ,
"matchCriteriaId" : "BA433E05-83F8-410D-AEB3-3A02BAB0BE0B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.2:r2-s6:*:*:*:*:*:*" ,
"matchCriteriaId" : "B87ECEAD-FD18-4252-8D46-F281DD4125AC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.2:r2-s7:*:*:*:*:*:*" ,
"matchCriteriaId" : "C6788EE2-B0DA-470E-B72E-E8D5CCFB5259"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.3:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "A283D32F-1CAF-4A5A-83E1-585F2801771F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.3:r1:*:*:*:*:*:*" ,
"matchCriteriaId" : "38A40E03-F915-4888-87B0-5950F75F097D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.3:r1-s1:*:*:*:*:*:*" ,
"matchCriteriaId" : "C52E355B-DA7D-4FDE-B2D7-A3C3C9C99918"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.3:r2:*:*:*:*:*:*" ,
"matchCriteriaId" : "69FC46D4-39E2-4E2F-A1D3-1001769A7115"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.3:r2-s1:*:*:*:*:*:*" ,
"matchCriteriaId" : "32F83E8B-A816-4F26-95F8-F0DA7F3DF426"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.3:r2-s2:*:*:*:*:*:*" ,
"matchCriteriaId" : "2C433359-BC8B-4E69-BE74-A31EB148083A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.3:r2-s3:*:*:*:*:*:*" ,
"matchCriteriaId" : "BCA2976C-C84B-40D9-A806-588629BFFB13"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.3:r2-s4:*:*:*:*:*:*" ,
"matchCriteriaId" : "A2C7B980-033E-40AC-98C9-B252733B0F43"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.3:r2-s5:*:*:*:*:*:*" ,
"matchCriteriaId" : "BA8D32E4-1892-46DC-9782-5466A14E18D9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.3:r3:-:*:*:*:*:*" ,
"matchCriteriaId" : "D1CAEBD2-2E46-44B5-B1D1-1DDBD450FD27"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.4:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "A00CA6FB-8F28-4171-B510-8DBA351E80C0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.4:r1:*:*:*:*:*:*" ,
"matchCriteriaId" : "988D317A-0646-491F-9B97-853E8E208276"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.4:r1-s1:*:*:*:*:*:*" ,
"matchCriteriaId" : "605F1AD7-5B09-44F0-9017-15AB3EEE559C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.4:r1-s2:*:*:*:*:*:*" ,
"matchCriteriaId" : "CEDDCD30-2255-4FA9-B3E2-9E88AB6F8D80"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.4:r1-s4:*:*:*:*:*:*" ,
"matchCriteriaId" : "4E4EB6B0-8DB2-4199-96E4-30195D49F756"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.4:r1-s5:*:*:*:*:*:*" ,
"matchCriteriaId" : "204FC7B5-9CF2-4AC2-9B8D-DA48CAEA6496"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.4:r1-s6:*:*:*:*:*:*" ,
"matchCriteriaId" : "9D8A8E33-473A-4A40-A7B7-47086BB9012A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:17.4:r1-s7:*:*:*:*:*:*" ,
"matchCriteriaId" : "F0F65DCA-34B9-4CE8-91C9-426AAAEB4097"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:18.2:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "A8B5BD93-3C11-45D5-ACF0-7C4C01106C8A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:18.2:r1:*:*:*:*:*:*" ,
"matchCriteriaId" : "167EEC4F-729E-47C2-B0F8-E8108CE3E985"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:18.2:r1-s3:*:*:*:*:*:*" ,
"matchCriteriaId" : "A893CCE5-96B8-44A1-ABEF-6AB9B527B2FB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:18.2:r1-s4:*:*:*:*:*:*" ,
"matchCriteriaId" : "42203801-E2E7-4DCF-ABBB-D23A91B2A9FF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:juniper:junos:18.2:r1-s5:*:*:*:*:*:*" ,
"matchCriteriaId" : "238EC996-8E8C-4332-916F-09E54E6EBB9D"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://www.securityfocus.com/bid/106541" ,
"source" : "sirt@juniper.net" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
} ,
{
"url" : "https://kb.juniper.net/JSA10900" ,
"source" : "sirt@juniper.net" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/" ,
"source" : "sirt@juniper.net"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/" ,
"source" : "sirt@juniper.net"
} ,
{
"url" : "http://www.securityfocus.com/bid/106541" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
} ,
{
"url" : "https://kb.juniper.net/JSA10900" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMKFSHPMOZL7MDWU5RYOTIBTRWSZ4Z6X/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7CPKBW4QZ4VIY4UXIUVUSHRJ4R2FROE/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
} ,
{
"cve" : {
"id" : "CVE-2019-1010204" ,
"sourceIdentifier" : "josh@bress.net" ,
"published" : "2019-07-23T14:15:13.373" ,
"lastModified" : "2024-11-21T04:18:03.163" ,
"vulnStatus" : "Modified" ,
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened."
} ,
{
"lang" : "es" ,
"value" : "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) está afectado por: Validación incorrecta de entrada, comparación firmada / sin firmar, lectura fuera de límites. El impacto es: Denegación de servicio. El componente es: gold / fileread.cc: 497, elfcpp / elfcpp_file.h: 644. El vector de ataque es: Se debe abrir un archivo ELF con un campo de encabezado e_shoff no válido."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" ,
"baseScore" : 5.5 ,
"baseSeverity" : "MEDIUM" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "HIGH"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 3.6
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P" ,
"baseScore" : 4.3 ,
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "PARTIAL"
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 8.6 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : true
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-125"
} ,
{
"lang" : "en" ,
"value" : "CWE-681"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "2.21" ,
"versionEndIncluding" : "2.31.1" ,
"matchCriteriaId" : "B1BF4DF3-4D96-4488-A1F7-38A7AF5DC725"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gnu:binutils_gold:*:*:*:*:*:*:*:*" ,
"versionStartIncluding" : "1.11" ,
"versionEndIncluding" : "1.16" ,
"matchCriteriaId" : "52A4DA53-C77B-4E9E-94E3-D7F63C44A2F6"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A3C19813-E823-456A-B1CE-EC0684CE1953"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://security.netapp.com/advisory/ntap-20190822-0001/" ,
"source" : "josh@bress.net" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23765" ,
"source" : "josh@bress.net" ,
"tags" : [
"Issue Tracking" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://support.f5.com/csp/article/K05032915?utm_source=f5support&%3Butm_medium=RSS" ,
"source" : "josh@bress.net"
} ,
{
"url" : "https://security.netapp.com/advisory/ntap-20190822-0001/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23765" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Issue Tracking" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://support.f5.com/csp/article/K05032915?utm_source=f5support&%3Butm_medium=RSS" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
} ,
{
"cve" : {
"id" : "CVE-2019-1010180" ,
"sourceIdentifier" : "josh@bress.net" ,
"published" : "2019-07-24T13:15:10.997" ,
"lastModified" : "2024-11-21T04:18:01.790" ,
"vulnStatus" : "Modified" ,
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet."
} ,
{
"lang" : "es" ,
"value" : "GNU gdb Todas las versiones se ven afectadas por: Desbordamiento de búfer - Acceso a memoria fuera de enlace. El impacto es: Denegación de servicio, Divulgación de memoria y Posible ejecución de código. El componente es: El módulo principal de gdb. El vector de ataque es: Abra un ELF para la depuración. La versión arregladas es: Aún no está arreglada."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" ,
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P" ,
"baseScore" : 6.8 ,
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "PARTIAL" ,
"availabilityImpact" : "PARTIAL"
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 8.6 ,
"impactScore" : 6.4 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : true
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-125"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "9.1" ,
"matchCriteriaId" : "2855B0DE-972E-4536-9D6E-3C57C4253177"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F1E78106-58E6-4D59-990F-75DA575BFAD9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B620311B-34A3-48A6-82DF-6F078D7A4493"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html" ,
"source" : "josh@bress.net" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html" ,
"source" : "josh@bress.net" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html" ,
"source" : "josh@bress.net" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html" ,
"source" : "josh@bress.net" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://www.securityfocus.com/bid/109367" ,
"source" : "josh@bress.net" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
} ,
{
"url" : "https://security.gentoo.org/glsa/202003-31" ,
"source" : "josh@bress.net" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23657" ,
"source" : "josh@bress.net" ,
"tags" : [
"Exploit" ,
"Issue Tracking" ,
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00072.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00028.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00029.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://www.securityfocus.com/bid/109367" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
} ,
{
"url" : "https://security.gentoo.org/glsa/202003-31" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23657" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Exploit" ,
"Issue Tracking" ,
"Patch" ,
"Third Party Advisory"
]
}
]
}
} ,
{
"cve" : {
"id" : "CVE-2019-14811" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2019-09-03T16:15:11.573" ,
"lastModified" : "2024-11-21T04:27:24.480" ,
"vulnStatus" : "Modified" ,
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands."
} ,
{
"lang" : "es" ,
"value" : "Se detecto un defecto en, ghostscript en versiones anteriores a la 9.50, en el procedimiento .pdf_hook_DSC_Creator donde no aseguró adecuadamente sus llamadas privilegiadas, permitiendo que los scripts omitieran las restricciones `-dSAFER`. Un archivo PostScript especialmente diseñado podría deshabilitar la protección de seguridad y luego tener acceso al sistema de archivos o ejecutar comandos arbitrarios."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" ,
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
}
] ,
"cvssMetricV30" : [
{
"source" : "secalert@redhat.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.0" ,
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" ,
"baseScore" : 7.3 ,
"baseSeverity" : "HIGH" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "LOW"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 3.4
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P" ,
"baseScore" : 6.8 ,
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "PARTIAL" ,
"availabilityImpact" : "PARTIAL"
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 8.6 ,
"impactScore" : 6.4 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : true
}
]
} ,
"weaknesses" : [
{
"source" : "secalert@redhat.com" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-648"
}
]
} ,
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-863"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "9.50" ,
"matchCriteriaId" : "1F129EB4-EEB2-46F1-8DAA-E016D7EE1356"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2F87326E-0B56-4356-A889-73D026DB1D4B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D100F7CE-FC64-4CC6-852A-6136D72DA419"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F1E78106-58E6-4D59-990F-75DA575BFAD9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B620311B-34A3-48A6-82DF-6F078D7A4493"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DEECE5FC-CACF-4496-A3E7-164736409252"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHBA-2019:2824" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2019:2594" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Exploit" ,
"Issue Tracking" ,
"Mitigation" ,
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://seclists.org/bugtraq/2019/Sep/15" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://security.gentoo.org/glsa/202004-03" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.debian.org/security/2019/dsa-4518" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHBA-2019:2824" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2019:2594" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14811" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Exploit" ,
"Issue Tracking" ,
"Mitigation" ,
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://lists.debian.org/debian-lts-announce/2019/09/msg00007.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LBUC4DBBJTRFNCR3IODBV4IXB2C2HI3V/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://seclists.org/bugtraq/2019/Sep/15" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://security.gentoo.org/glsa/202004-03" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.debian.org/security/2019/dsa-4518" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
}
]
}
} ,
{
"cve" : {
"id" : "CVE-2019-17365" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2019-10-09T22:15:10.670" ,
"lastModified" : "2025-01-15T14:29:23.370" ,
"vulnStatus" : "Modified" ,
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "Nix through 2.3 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable."
} ,
{
"lang" : "es" ,
"value" : "Nix versiones hasta 2.3, permite a usuarios locales conseguir acceso a la cuenta de un usuario arbitrario porque el directorio principal de los directorios de perfil de usuario son de tipo world writable."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P" ,
"baseScore" : 4.6 ,
"accessVector" : "LOCAL" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "PARTIAL" ,
"availabilityImpact" : "PARTIAL"
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 6.4 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-276"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:nixos:nix:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "2.3" ,
"matchCriteriaId" : "41CBEDE7-C5CA-4533-8F81-940E20658FDF"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://www.openwall.com/lists/oss-security/2019/10/09/4" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Exploit" ,
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2019/10/10/1" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2019/10/17/3" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2019/10/09/4" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Exploit" ,
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2019/10/10/1" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2019/10/17/3" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
}
]
}
} ,
{
"cve" : {
"id" : "CVE-2019-18192" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2019-10-17T20:15:12.707" ,
"lastModified" : "2024-11-21T04:32:47.937" ,
"vulnStatus" : "Modified" ,
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365."
} ,
{
"lang" : "es" ,
"value" : "GNU Guix versión 1.0.1, permite a los usuarios locales conseguir acceso a la cuenta de un usuario arbitrario porque el directorio principal de los directorios de perfil de usuario son escribibles por todo el mundo, un problema similar a CVE-2019-17365."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" ,
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P" ,
"baseScore" : 4.6 ,
"accessVector" : "LOCAL" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "PARTIAL" ,
"availabilityImpact" : "PARTIAL"
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 6.4 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-732"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:gnu:guix:1.0.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "EBA9DBA1-9FDE-48F6-ACEB-8D9BFA91A4EE"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://www.openwall.com/lists/oss-security/2019/10/17/3" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://issues.guix.gnu.org/issue/37744" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Exploit" ,
"Issue Tracking" ,
"Third Party Advisory"
]
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2019/10/17/3" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Patch" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://issues.guix.gnu.org/issue/37744" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Exploit" ,
"Issue Tracking" ,
"Third Party Advisory"
]
}
]
}
}
]
}