var-202001-1433
Vulnerability from variot
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out-of-bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Firefox and Thunderbird contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
=========================================================================
Ubuntu Security Notice USN-4203-2
November 27, 2019
nss vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
NSS could be made to crash or run programs if it received specially crafted input. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that NSS incorrectly handled certain memory operations.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202003-37
https://security.gentoo.org/
Severity: Normal
Title: Mozilla Network Security Service: Multiple vulnerabilities
Date: March 16, 2020
Bugs: #627534, #676868, #701840
ID: 202003-37
Synopsis
Multiple vulnerabilities have been found in Mozilla Network Security Service (NSS), the worst of which may lead to arbitrary code execution. Please review the CVE identifiers referenced below for details.
Impact
An attacker could execute arbitrary code, cause a Denial of Service condition or have other unspecified impact.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Network Security Service (NSS) users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.49"
References
[ 1 ] CVE-2017-11695 https://nvd.nist.gov/vuln/detail/CVE-2017-11695
[ 2 ] CVE-2017-11696 https://nvd.nist.gov/vuln/detail/CVE-2017-11696
[ 3 ] CVE-2017-11697 https://nvd.nist.gov/vuln/detail/CVE-2017-11697
[ 4 ] CVE-2017-11698 https://nvd.nist.gov/vuln/detail/CVE-2017-11698
[ 5 ] CVE-2018-18508 https://nvd.nist.gov/vuln/detail/CVE-2018-18508
[ 6 ] CVE-2019-11745 https://nvd.nist.gov/vuln/detail/CVE-2019-11745
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-37
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
====================================================================
Red Hat Security Advisory
Synopsis: Important: nss, nss-softokn, nss-util security update
Advisory ID: RHSA-2019:4190-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:4190
Issue date: 2019-12-10
CVE Names: CVE-2019-11729 CVE-2019-11745
====================================================================
1. Summary:
An update for nss, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
The nss-softokn package provides the Network Security Services Softoken Cryptographic Module.
The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.
Security Fix(es):
- nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)
- nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1728437 - CVE-2019-11729 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
1774831 - CVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm
x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm
x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm
ppc64: nss-3.44.0-7.el7_7.ppc.rpm nss-3.44.0-7.el7_7.ppc64.rpm nss-debuginfo-3.44.0-7.el7_7.ppc.rpm nss-debuginfo-3.44.0-7.el7_7.ppc64.rpm nss-devel-3.44.0-7.el7_7.ppc.rpm nss-devel-3.44.0-7.el7_7.ppc64.rpm nss-softokn-3.44.0-8.el7_7.ppc.rpm nss-softokn-3.44.0-8.el7_7.ppc64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.ppc.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.ppc64.rpm nss-softokn-devel-3.44.0-8.el7_7.ppc.rpm nss-softokn-devel-3.44.0-8.el7_7.ppc64.rpm nss-softokn-freebl-3.44.0-8.el7_7.ppc.rpm nss-softokn-freebl-3.44.0-8.el7_7.ppc64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64.rpm nss-sysinit-3.44.0-7.el7_7.ppc64.rpm nss-tools-3.44.0-7.el7_7.ppc64.rpm nss-util-3.44.0-4.el7_7.ppc.rpm nss-util-3.44.0-4.el7_7.ppc64.rpm nss-util-debuginfo-3.44.0-4.el7_7.ppc.rpm nss-util-debuginfo-3.44.0-4.el7_7.ppc64.rpm nss-util-devel-3.44.0-4.el7_7.ppc.rpm nss-util-devel-3.44.0-4.el7_7.ppc64.rpm
ppc64le: nss-3.44.0-7.el7_7.ppc64le.rpm nss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm nss-devel-3.44.0-7.el7_7.ppc64le.rpm nss-softokn-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-devel-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-freebl-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64le.rpm nss-sysinit-3.44.0-7.el7_7.ppc64le.rpm nss-tools-3.44.0-7.el7_7.ppc64le.rpm nss-util-3.44.0-4.el7_7.ppc64le.rpm nss-util-debuginfo-3.44.0-4.el7_7.ppc64le.rpm nss-util-devel-3.44.0-4.el7_7.ppc64le.rpm
s390x: nss-3.44.0-7.el7_7.s390.rpm nss-3.44.0-7.el7_7.s390x.rpm nss-debuginfo-3.44.0-7.el7_7.s390.rpm nss-debuginfo-3.44.0-7.el7_7.s390x.rpm nss-devel-3.44.0-7.el7_7.s390.rpm nss-devel-3.44.0-7.el7_7.s390x.rpm nss-softokn-3.44.0-8.el7_7.s390.rpm nss-softokn-3.44.0-8.el7_7.s390x.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.s390.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.s390x.rpm nss-softokn-devel-3.44.0-8.el7_7.s390.rpm nss-softokn-devel-3.44.0-8.el7_7.s390x.rpm nss-softokn-freebl-3.44.0-8.el7_7.s390.rpm nss-softokn-freebl-3.44.0-8.el7_7.s390x.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.s390.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.s390x.rpm nss-sysinit-3.44.0-7.el7_7.s390x.rpm nss-tools-3.44.0-7.el7_7.s390x.rpm nss-util-3.44.0-4.el7_7.s390.rpm nss-util-3.44.0-4.el7_7.s390x.rpm nss-util-debuginfo-3.44.0-4.el7_7.s390.rpm nss-util-debuginfo-3.44.0-4.el7_7.s390x.rpm nss-util-devel-3.44.0-4.el7_7.s390.rpm nss-util-devel-3.44.0-4.el7_7.s390x.rpm
x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: nss-debuginfo-3.44.0-7.el7_7.ppc.rpm nss-debuginfo-3.44.0-7.el7_7.ppc64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.ppc.rpm nss-pkcs11-devel-3.44.0-7.el7_7.ppc64.rpm
ppc64le: nss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm nss-pkcs11-devel-3.44.0-7.el7_7.ppc64le.rpm
s390x: nss-debuginfo-3.44.0-7.el7_7.s390.rpm nss-debuginfo-3.44.0-7.el7_7.s390x.rpm nss-pkcs11-devel-3.44.0-7.el7_7.s390.rpm nss-pkcs11-devel-3.44.0-7.el7_7.s390x.rpm
x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm
x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-11729
https://access.redhat.com/security/cve/CVE-2019-11745
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
For the stable distribution (buster), these problems have been fixed in version 2:3.42.1-1+deb10u2.
We recommend that you upgrade your nss packages.
For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1433", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "firefox esr", scope: "lt", trust: 1.8, vendor: "mozilla", version: "68.3", }, { model: "ruggedcom rox mx5000", scope: "lt", trust: 1, vendor: "siemens", version: "2.14.0", }, { model: "thunderbird", scope: "lt", trust: 1, vendor: "mozilla", version: "68.3.0", }, { model: 
"enterprise linux server aus", scope: "eq", trust: 1, vendor: "redhat", version: "6.6", }, { model: "firefox", scope: "lt", trust: 1, vendor: "mozilla", version: "71.0", }, { model: "ruggedcom rox rx1500", scope: "lt", trust: 1, vendor: "siemens", version: "2.14.0", }, { model: "ruggedcom rox rx1501", scope: "lt", trust: 1, vendor: "siemens", version: "2.14.0", }, { model: "ruggedcom rox rx5000", scope: "lt", trust: 1, vendor: "siemens", version: "2.14.0", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "19.10", }, { model: "ruggedcom rox rx1400", scope: "lt", trust: 1, vendor: "siemens", version: "2.14.0", }, { model: "ruggedcom rox rx1510", scope: "lt", trust: 1, vendor: "siemens", version: "2.14.0", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "18.04", }, { model: "leap", scope: "eq", trust: 1, vendor: "opensuse", version: "15.1", }, { model: "ruggedcom rox rx1511", scope: "lt", trust: 1, vendor: "siemens", version: "2.14.0", }, { model: "linux", scope: "eq", trust: 1, vendor: "debian", version: "9.0", }, { model: "ubuntu linux", scope: "eq", trust: 1, vendor: "canonical", version: "16.04", }, { model: "ruggedcom rox rx1512", scope: "lt", trust: 1, vendor: "siemens", version: "2.14.0", }, { model: "firefox", scope: "lt", trust: 0.8, vendor: "mozilla", version: "71", }, { model: "thunderbird", scope: "lt", trust: 0.8, vendor: "mozilla", version: "68.3", }, { model: "leap", scope: null, trust: 0.8, vendor: "opensuse", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-013984", }, { db: "NVD", id: "CVE-2019-11745", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:mozilla:firefox", vulnerable: true, }, { cpe22Uri: 
"cpe:/a:mozilla:firefox_esr", vulnerable: true, }, { cpe22Uri: "cpe:/a:mozilla:thunderbird", vulnerable: true, }, { cpe22Uri: "cpe:/o:opensuse_project:leap", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-013984", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Red Hat", sources: [ { db: "PACKETSTORM", id: "155622", }, { db: "PACKETSTORM", id: "155609", }, { db: "PACKETSTORM", id: "155589", }, { db: "PACKETSTORM", id: "156093", }, ], trust: 0.4, }, cve: "CVE-2019-11745", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", exploitabilityScore: 8.6, id: "CVE-2019-11745", impactScore: 6.4, integrityImpact: "PARTIAL", severity: "MEDIUM", trust: 1.9, vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "NETWORK", author: "nvd@nist.gov", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", exploitabilityScore: 2.8, id: "CVE-2019-11745", impactScore: 5.9, integrityImpact: 
"HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Network", author: "NVD", availabilityImpact: "High", baseScore: 8.8, baseSeverity: "High", confidentialityImpact: "High", exploitabilityScore: null, id: "CVE-2019-11745", impactScore: null, integrityImpact: "High", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, ], severity: [ { author: "nvd@nist.gov", id: "CVE-2019-11745", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2019-11745", trust: 0.8, value: "High", }, { author: "VULMON", id: "CVE-2019-11745", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULMON", id: "CVE-2019-11745", }, { db: "JVNDB", id: "JVNDB-2019-013984", }, { db: "NVD", id: "CVE-2019-11745", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Firefox and Thunderbird Contains an out-of-bounds write vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. 
ebuginfo-3.44.0-8.el7_7.s390x.rpm\nnss-softokn-devel-3.44.0-8.el7_7.s390.rpm\nnss-softokn-devel-3.44.0-8.el7_7.s390x.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.s390.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.s390x.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.s390.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.s390x.rpm\nnss-sysinit-3.44.0-7.el7_7.s390x.rpm\nnss-tools-3.44.0-7.el7_7.s390x.rpm\nnss-util-3.44.0-4.el7_7.s390.rpm\nnss-util-3.44.0-4.el7_7.s390x.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.s390.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.s390x.rpm\nnss-util-devel-3.44.0-4.el7_7.s390.rpm\nnss-util-devel-3.44.0-4.el7_7.s390x.rpm\n\nx86_64:\nnss-3.44.0-7.el7_7.i686.rpm\nnss-3.44.0-7.el7_7.x86_64.rpm\nnss-debuginfo-3.44.0-7.el7_7.i686.rpm\nnss-debuginfo-3.44.0-7.el7_7.x86_64.rpm\nnss-devel-3.44.0-7.el7_7.i686.rpm\nnss-devel-3.44.0-7.el7_7.x86_64.rpm\nnss-softokn-3.44.0-8.el7_7.i686.rpm\nnss-softokn-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-devel-3.44.0-8.el7_7.i686.rpm\nnss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.i686.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm\nnss-sysinit-3.44.0-7.el7_7.x86_64.rpm\nnss-tools-3.44.0-7.el7_7.x86_64.rpm\nnss-util-3.44.0-4.el7_7.i686.rpm\nnss-util-3.44.0-4.el7_7.x86_64.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.i686.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm\nnss-util-devel-3.44.0-4.el7_7.i686.rpm\nnss-util-devel-3.44.0-4.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
7):\n\nppc64:\nnss-debuginfo-3.44.0-7.el7_7.ppc.rpm\nnss-debuginfo-3.44.0-7.el7_7.ppc64.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.ppc.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.ppc64.rpm\n\nppc64le:\nnss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.ppc64le.rpm\n\ns390x:\nnss-debuginfo-3.44.0-7.el7_7.s390.rpm\nnss-debuginfo-3.44.0-7.el7_7.s390x.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.s390.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.s390x.rpm\n\nx86_64:\nnss-debuginfo-3.44.0-7.el7_7.i686.rpm\nnss-debuginfo-3.44.0-7.el7_7.x86_64.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nnss-3.44.0-7.el7_7.src.rpm\nnss-softokn-3.44.0-8.el7_7.src.rpm\nnss-util-3.44.0-4.el7_7.src.rpm\n\nx86_64:\nnss-3.44.0-7.el7_7.i686.rpm\nnss-3.44.0-7.el7_7.x86_64.rpm\nnss-debuginfo-3.44.0-7.el7_7.i686.rpm\nnss-debuginfo-3.44.0-7.el7_7.x86_64.rpm\nnss-devel-3.44.0-7.el7_7.i686.rpm\nnss-devel-3.44.0-7.el7_7.x86_64.rpm\nnss-softokn-3.44.0-8.el7_7.i686.rpm\nnss-softokn-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-devel-3.44.0-8.el7_7.i686.rpm\nnss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.i686.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm\nnss-sysinit-3.44.0-7.el7_7.x86_64.rpm\nnss-tools-3.44.0-7.el7_7.x86_64.rpm\nnss-util-3.44.0-4.el7_7.i686.rpm\nnss-util-3.44.0-4.el7_7.x86_64.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.i686.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm\nnss-util-devel-3.44.0-4.el7_7.i686.rpm\nnss-util-devel-3.44.0-4.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 
7):\n\nx86_64:\nnss-debuginfo-3.44.0-7.el7_7.i686.rpm\nnss-debuginfo-3.44.0-7.el7_7.x86_64.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-11729\nhttps://access.redhat.com/security/cve/CVE-2019-11745\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 6) - i386, x86_64\n\n3. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. 8.0) - ppc64le, x86_64\n\n3. \n \nFor the stable distribution (buster), these problems have been fixed in\nversion 2:3.42.1-1+deb10u2. \n\nWe recommend that you upgrade your nss packages. 
\n\nFor the detailed security status of nss please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nss\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", sources: [ { db: "NVD", id: "CVE-2019-11745", }, { db: "JVNDB", id: "JVNDB-2019-013984", }, { db: "VULMON", id: "CVE-2019-11745", }, { db: "PACKETSTORM", id: "155487", }, { db: "PACKETSTORM", id: "156770", }, { db: "PACKETSTORM", id: "155486", }, { db: "PACKETSTORM", id: "155622", }, { db: "PACKETSTORM", id: "155609", }, { db: "PACKETSTORM", id: "155589", }, { db: "PACKETSTORM", id: "156093", }, { db: "PACKETSTORM", id: "155601", }, ], trust: 2.43, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2019-11745", trust: 2.7, }, { db: "ICS CERT", id: 
"ICSA-21-040-04", trust: 1.1, }, { db: "SIEMENS", id: "SSA-379803", trust: 1.1, }, { db: "JVNDB", id: "JVNDB-2019-013984", trust: 0.8, }, { db: "VULMON", id: "CVE-2019-11745", trust: 0.1, }, { db: "PACKETSTORM", id: "155487", trust: 0.1, }, { db: "PACKETSTORM", id: "156770", trust: 0.1, }, { db: "PACKETSTORM", id: "155486", trust: 0.1, }, { db: "PACKETSTORM", id: "155622", trust: 0.1, }, { db: "PACKETSTORM", id: "155609", trust: 0.1, }, { db: "PACKETSTORM", id: "155589", trust: 0.1, }, { db: "PACKETSTORM", id: "156093", trust: 0.1, }, { db: "PACKETSTORM", id: "155601", trust: 0.1, }, ], sources: [ { db: "VULMON", id: "CVE-2019-11745", }, { db: "JVNDB", id: "JVNDB-2019-013984", }, { db: "PACKETSTORM", id: "155487", }, { db: "PACKETSTORM", id: "156770", }, { db: "PACKETSTORM", id: "155486", }, { db: "PACKETSTORM", id: "155622", }, { db: "PACKETSTORM", id: "155609", }, { db: "PACKETSTORM", id: "155589", }, { db: "PACKETSTORM", id: "156093", }, { db: "PACKETSTORM", id: "155601", }, { db: "NVD", id: "CVE-2019-11745", }, ], }, id: "VAR-202001-1433", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VARIoT devices database", id: null, }, ], trust: 0.52540106, }, last_update_date: "2024-11-29T22:35:51.750000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "MFSA2019-36", trust: 0.8, url: "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/", }, { title: "MFSA2019-37", trust: 0.8, url: "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/", }, { title: "MFSA2019-38", trust: 0.8, url: "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/", }, { title: "openSUSE-SU-2020:0008-1", trust: 0.8, url: 
"https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", }, { title: "openSUSE-SU-2020:0003-1", trust: 0.8, url: "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", }, { title: "openSUSE-SU-2020:0002-1", trust: 0.8, url: "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", }, { title: "Red Hat: Important: nss security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200243 - Security Advisory", }, { title: "Red Hat: Important: nss-softokn security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201461 - Security Advisory", }, { title: "Red Hat: Important: nss security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194114 - Security Advisory", }, { title: "Red Hat: Important: nss-softokn security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200466 - Security Advisory", }, { title: "Red Hat: Important: nss-softokn security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194152 - Security Advisory", }, { title: "Red Hat: Important: nss, nss-softokn, nss-util security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194190 - Security Advisory", }, { title: "Red Hat: Important: nss-softokn security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201345 - Security Advisory", }, { title: "Red Hat: Important: nss-softokn security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201267 - Security Advisory", }, { title: "Ubuntu Security Notice: nss vulnerability", trust: 0.1, url: 
"https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-2", }, { title: "Ubuntu Security Notice: nss vulnerability", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-1", }, { title: "Debian Security Advisories: DSA-4579-1 nss -- security update", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0af759a984821af0886871e7a26a298e", }, { title: "Arch Linux Issues: ", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-11745 log", }, { title: "Amazon Linux 2: ALAS2-2020-1379", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1379", }, { title: "IBM: Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=74fd642ff4a4659039a762a5a0a24106", }, { title: "Amazon Linux 2: ALAS2-2023-1942", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-1942", }, { title: "Amazon Linux 2: ALAS2-2020-1384", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1384", }, { title: "Amazon Linux AMI: ALAS-2020-1355", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1355", }, { title: "Ubuntu Security Notice: firefox vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-1", }, { title: "Arch Linux Advisories: [ASA-201912-2] thunderbird: arbitrary code execution", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-2", }, { title: "Ubuntu Security Notice: firefox vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-2", }, { title: "Ubuntu Security Notice: thunderbird vulnerabilities", trust: 0.1, url: 
"https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4241-1", }, { title: "Mozilla: Security Vulnerabilities fixed in - Firefox ESR 68.3", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=940e53f5eecee1395e2713b0ed07506b", }, { title: "Mozilla: Security Vulnerabilities fixed in - Thunderbird 68.3", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=dffa374fab03b4f5b5596346629ccc8c", }, { title: "Arch Linux Advisories: [ASA-201912-1] firefox: multiple issues", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-1", }, { title: "Siemens Security Advisories: Siemens Security Advisory", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=409c1cd1b8ef401020956950fd839000", }, { title: "Mozilla: Security Vulnerabilities fixed in - Firefox 71", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=a8e439d387c58595bbdb24cc3bdadd40", }, { title: "Ubuntu Security Notice: thunderbird vulnerabilities", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4335-1", }, { title: "", trust: 0.1, url: "https://github.com/vincent-deng/veracode-container-security-finding-parser ", }, ], sources: [ { db: "VULMON", id: "CVE-2019-11745", }, { db: "JVNDB", id: "JVNDB-2019-013984", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "CWE-787", trust: 1.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2019-013984", }, { db: "NVD", id: "CVE-2019-11745", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { 
trust: 1.6, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11745", }, { trust: 1.3, url: "https://access.redhat.com/errata/rhsa-2020:0243", }, { trust: 1.2, url: "https://security.gentoo.org/glsa/202003-37", }, { trust: 1.1, url: "https://www.mozilla.org/security/advisories/mfsa2019-38/", }, { trust: 1.1, url: "https://www.mozilla.org/security/advisories/mfsa2019-37/", }, { trust: 1.1, url: "https://www.mozilla.org/security/advisories/mfsa2019-36/", }, { trust: 1.1, url: "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html", }, { trust: 1.1, url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html", }, { trust: 1.1, url: "https://usn.ubuntu.com/4241-1/", }, { trust: 1.1, url: "https://access.redhat.com/errata/rhsa-2020:0466", }, { trust: 1.1, url: "https://security.gentoo.org/glsa/202003-02", }, { trust: 1.1, url: "https://security.gentoo.org/glsa/202003-10", }, { trust: 1.1, url: "https://usn.ubuntu.com/4335-1/", }, { trust: 1.1, url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html", }, { trust: 1.1, url: "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf", }, { trust: 1.1, url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04", }, { trust: 0.8, url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11745", }, { trust: 0.4, url: "https://www.redhat.com/mailman/listinfo/rhsa-announce", }, { trust: 0.4, url: "https://access.redhat.com/security/cve/cve-2019-11745", }, { trust: 0.4, url: "https://bugzilla.redhat.com/):", }, { trust: 0.4, url: "https://access.redhat.com/security/team/key/", }, { trust: 0.4, url: "https://access.redhat.com/articles/11258", }, { trust: 0.4, url: "https://access.redhat.com/security/team/contact/", }, { trust: 0.4, url: 
"https://access.redhat.com/security/updates/classification/#important", }, { trust: 0.2, url: "https://usn.ubuntu.com/4203-1", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/787.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://usn.ubuntu.com/4203-2/", }, { trust: 0.1, url: "https://usn.ubuntu.com/4203-1/", }, { trust: 0.1, url: "https://usn.ubuntu.com/4203-2", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-11696", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-11695", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2018-18508", }, { trust: 0.1, url: "https://bugs.gentoo.org.", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-11697", }, { trust: 0.1, url: "https://creativecommons.org/licenses/by-sa/2.5", }, { trust: 0.1, url: "https://security.gentoo.org/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2017-11698", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nss/2:3.35-2ubuntu2.5", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nss/2:3.42-1ubuntu2.3", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nss/2:3.45-1ubuntu2.1", }, { trust: 0.1, url: "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.8", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-11729", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2019-11729", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2019:4190", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2019:4152", }, { trust: 0.1, url: "https://access.redhat.com/errata/rhsa-2019:4114", }, { trust: 0.1, url: "https://security-tracker.debian.org/tracker/nss", }, { trust: 0.1, url: "https://www.debian.org/security/faq", }, { trust: 0.1, url: "https://www.debian.org/security/", }, { trust: 0.1, url: "https://nvd.nist.gov/vuln/detail/cve-2019-17007", }, ], sources: [ { db: "VULMON", id: "CVE-2019-11745", }, { db: 
"JVNDB", id: "JVNDB-2019-013984", }, { db: "PACKETSTORM", id: "155487", }, { db: "PACKETSTORM", id: "156770", }, { db: "PACKETSTORM", id: "155486", }, { db: "PACKETSTORM", id: "155622", }, { db: "PACKETSTORM", id: "155609", }, { db: "PACKETSTORM", id: "155589", }, { db: "PACKETSTORM", id: "156093", }, { db: "PACKETSTORM", id: "155601", }, { db: "NVD", id: "CVE-2019-11745", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULMON", id: "CVE-2019-11745", }, { db: "JVNDB", id: "JVNDB-2019-013984", }, { db: "PACKETSTORM", id: "155487", }, { db: "PACKETSTORM", id: "156770", }, { db: "PACKETSTORM", id: "155486", }, { db: "PACKETSTORM", id: "155622", }, { db: "PACKETSTORM", id: "155609", }, { db: "PACKETSTORM", id: "155589", }, { db: "PACKETSTORM", id: "156093", }, { db: "PACKETSTORM", id: "155601", }, { db: "NVD", id: "CVE-2019-11745", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2020-01-08T00:00:00", db: "VULMON", id: "CVE-2019-11745", }, { date: "2020-01-23T00:00:00", db: "JVNDB", id: "JVNDB-2019-013984", }, { date: "2019-11-28T01:22:40", db: "PACKETSTORM", id: "155487", }, { date: "2020-03-16T22:35:27", db: "PACKETSTORM", id: "156770", }, { date: "2019-11-28T01:22:35", db: "PACKETSTORM", id: "155486", }, { date: "2019-12-10T23:01:23", db: "PACKETSTORM", id: "155622", }, { date: "2019-12-10T15:49:04", db: "PACKETSTORM", id: "155609", }, { date: "2019-12-09T15:52:48", db: "PACKETSTORM", id: "155589", }, { date: "2020-01-27T22:53:39", db: "PACKETSTORM", id: "156093", }, { date: "2019-12-09T22:22:22", db: "PACKETSTORM", id: "155601", }, { date: "2020-01-08T20:15:12.313000", db: "NVD", id: "CVE-2019-11745", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: 
"2021-02-19T00:00:00", db: "VULMON", id: "CVE-2019-11745", }, { date: "2020-01-23T00:00:00", db: "JVNDB", id: "JVNDB-2019-013984", }, { date: "2024-11-21T04:21:42.373000", db: "NVD", id: "CVE-2019-11745", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "PACKETSTORM", id: "155487", }, { db: "PACKETSTORM", id: "155486", }, ], trust: 0.2, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Firefox and Thunderbird Vulnerable to out-of-bounds writing", sources: [ { db: "JVNDB", id: "JVNDB-2019-013984", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "arbitrary", sources: [ { db: "PACKETSTORM", id: "155487", }, { db: "PACKETSTORM", id: "155486", }, { db: "PACKETSTORM", id: "155601", }, ], trust: 0.3, }, }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.