csaf_certbund - wid-sec-w-2022-0193

wid-sec-w-2022-0193

Vulnerability from csaf_certbund

Published

2020-11-03 23:00

Modified

2023-09-27 22:00

Summary

Red Hat Enterprise Linux: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "hoch",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- Linux",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2022-0193 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2022-0193.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2022-0193 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0193",
         },
         {
            category: "external",
            summary: "Amazon Linux Security Advisory ALASANSIBLE2-2023-007 vom 2023-09-27",
            url: "https://alas.aws.amazon.com/AL2/ALASANSIBLE2-2023-007.html",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2021:0891-1 vom 2021-03-19",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008525.html",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2021:0949-1 vom 2021-03-24",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2021-March/008554.html",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2021:1107-1 vom 2021-04-08",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008596.html",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2021:2021 vom 2021-05-19",
            url: "https://access.redhat.com/errata/RHSA-2021:2021",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2021:1637-1 vom 2021-05-19",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008783.html",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:4432 vom 2020-11-03",
            url: "https://access.redhat.com/errata/RHSA-2020:4432",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:4436 vom 2020-11-03",
            url: "https://access.redhat.com/errata/RHSA-2020:4436",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:4482 vom 2020-11-03",
            url: "https://access.redhat.com/errata/RHSA-2020:4482",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:4542 vom 2020-11-03",
            url: "https://access.redhat.com/errata/RHSA-2020:4542",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:4547 vom 2020-11-03",
            url: "https://access.redhat.com/errata/RHSA-2020:4547",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:4605 vom 2020-11-03",
            url: "https://access.redhat.com/errata/RHSA-2020:4605",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:4619 vom 2020-11-03",
            url: "https://access.redhat.com/errata/RHSA-2020:4619",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:4638 vom 2020-11-03",
            url: "https://access.redhat.com/errata/RHSA-2020:4638",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:4649 vom 2020-11-03",
            url: "https://access.redhat.com/errata/RHSA-2020:4649",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:4687 vom 2020-11-03",
            url: "https://access.redhat.com/errata/RHSA-2020:4687",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:4709 vom 2020-11-03",
            url: "https://access.redhat.com/errata/RHSA-2020:4709",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:4805 vom 2020-11-03",
            url: "https://access.redhat.com/errata/RHSA-2020:4805",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:4820 vom 2020-11-03",
            url: "https://access.redhat.com/errata/RHSA-2020:4820",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:4756 vom 2020-11-03",
            url: "https://access.redhat.com/errata/RHSA-2020:4756",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:4900 vom 2020-11-04",
            url: "https://access.redhat.com/errata/RHSA-2020:4900",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:5004 vom 2020-11-10",
            url: "https://access.redhat.com/errata/RHSA-2020:5004",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:5003 vom 2020-11-10",
            url: "https://access.redhat.com/errata/RHSA-2020:5003",
         },
         {
            category: "external",
            summary: "Oracle Linux Security Advisory ELSA-2020-5003 vom 2020-11-12",
            url: "http://linux.oracle.com/errata/ELSA-2020-5003.html",
         },
         {
            category: "external",
            summary: "Oracle Linux Security Advisory ELSA-2020-4542 vom 2020-11-11",
            url: "https://linux.oracle.com/errata/ELSA-2020-4542.html",
         },
         {
            category: "external",
            summary: "CentOS Security Advisory CESA-2020:5003 vom 2020-11-18",
            url: "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-5003-Low-CentOS-7-fence-agents-Security-Update-tp4646065.html",
         },
         {
            category: "external",
            summary: "CentOS Security Advisory CESA-2020:5004 vom 2020-11-18",
            url: "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-5004-Low-CentOS-7-resource-agents-Security-Update-tp4646038.html",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:5149 vom 2020-11-18",
            url: "https://access.redhat.com/errata/RHSA-2020:5149",
         },
         {
            category: "external",
            summary: "Oracle Linux Security Advisory ELSA-2020-5947 vom 2020-11-24",
            url: "https://linux.oracle.com/errata/ELSA-2020-5947.html",
         },
         {
            category: "external",
            summary: "AVAYA Security Advisory ASA-2020-191 vom 2020-11-25",
            url: "https://downloads.avaya.com/css/P8/documents/101072549",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2020:3565-1 vom 2020-11-30",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007889.html",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2020:3566-1 vom 2020-11-30",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007890.html",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2020:3596-1 vom 2020-12-02",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007903.html",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2020:3597-1 vom 2020-12-02",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007904.html",
         },
         {
            category: "external",
            summary: "AVAYA Security Advisory ASA-2020-171 vom 2020-12-07",
            url: "https://downloads.avaya.com/css/P8/documents/101072804",
         },
         {
            category: "external",
            summary: "AVAYA Security Advisory ASA-2020-173 vom 2020-12-07",
            url: "https://downloads.avaya.com/css/P8/documents/101072802",
         },
         {
            category: "external",
            summary: "AVAYA Security Advisory ASA-2020-170 vom 2020-12-07",
            url: "https://downloads.avaya.com/css/P8/documents/101072805",
         },
         {
            category: "external",
            summary: "AVAYA Security Advisory ASA-2020-196 vom 2020-12-08",
            url: "https://downloads.avaya.com/css/P8/documents/101072837",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2020:3737-1 vom 2020-12-10",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2020-December/007949.html",
         },
         {
            category: "external",
            summary: "Amazon Linux Security Advisory ALAS-2021-1639 vom 2021-05-24",
            url: "https://alas.aws.amazon.com/AL2/ALAS-2021-1639.html",
         },
         {
            category: "external",
            summary: "AVAYA Security Advisory ASA-2020-166 vom 2020-12-15",
            url: "https://downloads.avaya.com/css/P8/documents/101072982",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2021:0146 vom 2021-01-14",
            url: "https://access.redhat.com/errata/RHSA-2021:0146",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2021:0258 vom 2021-01-26",
            url: "https://access.redhat.com/errata/RHSA-2021:0258",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2021:2116 vom 2021-05-26",
            url: "https://access.redhat.com/errata/RHSA-2021:2116",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2021:0281 vom 2021-02-03",
            url: "https://access.redhat.com/errata/RHSA-2021:0281",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2021:0308 vom 2021-02-08",
            url: "https://access.redhat.com/errata/RHSA-2021:0308",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2021:0310 vom 2021-02-08",
            url: "https://access.redhat.com/errata/RHSA-2021:0310",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2021:0344-1 vom 2021-02-08",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2021-February/008282.html",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2021:0313 vom 2021-02-09",
            url: "https://access.redhat.com/errata/RHSA-2021:0313",
         },
         {
            category: "external",
            summary: "Debian Security Advisory DLA-2645 vom 2021-04-29",
            url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:5635 vom 2021-02-24",
            url: "https://access.redhat.com/errata/RHSA-2020:5635",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2020:5633 vom 2021-02-24",
            url: "https://access.redhat.com/errata/RHSA-2020:5633",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2021:1779-1 vom 2021-05-27",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008868.html",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2021:1806-1 vom 2021-05-31",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008895.html",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2021:1808-1 vom 2021-05-31",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008896.html",
         },
         {
            category: "external",
            summary: "SUSE Security Update SUSE-SU-2021:1807-1 vom 2021-05-31",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2021-May/008894.html",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2021:3016 vom 2021-08-06",
            url: "https://access.redhat.com/errata/RHSA-2021:3016",
         },
         {
            category: "external",
            summary: "Oracle Linux Security Advisory ELSA-2020-5004 vom 2021-11-05",
            url: "https://linux.oracle.com/errata/ELSA-2020-5004.html",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2021:4179 vom 2021-11-09",
            url: "https://access.redhat.com/errata/RHSA-2021:4179",
         },
         {
            category: "external",
            summary: "Debian Security Advisory DLA-2850 vom 2021-12-26",
            url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2022:0633 vom 2022-02-22",
            url: "https://access.redhat.com/errata/RHSA-2022:0633",
         },
         {
            category: "external",
            summary: "Oracle Linux Security Advisory ELSA-2022-9204 vom 2022-03-10",
            url: "https://linux.oracle.com/errata/ELSA-2022-9204.html",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2022:0056 vom 2022-03-10",
            url: "https://access.redhat.com/errata/RHSA-2022:0056",
         },
         {
            category: "external",
            summary: "Ubuntu Security Notice USN-5474-1 vom 2022-06-08",
            url: "https://ubuntu.com/security/notices/USN-5474-1",
         },
         {
            category: "external",
            summary: "Red Hat Security Advisory RHSA-2022:5234 vom 2022-06-28",
            url: "https://access.redhat.com/errata/RHSA-2022:5234",
         },
         {
            category: "external",
            summary: "Oracle Linux Security Advisory ELSA-2022-5234 vom 2022-06-30",
            url: "http://linux.oracle.com/errata/ELSA-2022-5234.html",
         },
         {
            category: "external",
            summary: "CentOS Security Advisory CESA-2022:5234 vom 2022-08-02",
            url: "https://lists.centos.org/pipermail/centos-announce/2022-August/073616.html",
         },
         {
            category: "external",
            summary: "Ubuntu Security Notice USN-5474-2 vom 2022-08-24",
            url: "https://ubuntu.com/security/notices/USN-5474-2",
         },
         {
            category: "external",
            summary: "NetApp Security Advisory NTAP-20221111-0004 vom 2022-11-11",
            url: "https://security.netapp.com/advisory/ntap-20221111-0004/",
         },
      ],
      source_lang: "en-US",
      title: "Red Hat Enterprise Linux: Mehrere Schwachstellen",
      tracking: {
         current_release_date: "2023-09-27T22:00:00.000+00:00",
         generator: {
            date: "2024-08-15T17:27:12.438+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.5",
            },
         },
         id: "WID-SEC-W-2022-0193",
         initial_release_date: "2020-11-03T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2020-11-03T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
            {
               date: "2020-11-04T23:00:00.000+00:00",
               number: "2",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
            {
               date: "2020-11-10T23:00:00.000+00:00",
               number: "3",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
            {
               date: "2020-11-11T23:00:00.000+00:00",
               number: "4",
               summary: "Neue Updates von Oracle Linux aufgenommen",
            },
            {
               date: "2020-11-18T23:00:00.000+00:00",
               number: "5",
               summary: "Neue Updates von CentOS und Red Hat aufgenommen",
            },
            {
               date: "2020-11-23T23:00:00.000+00:00",
               number: "6",
               summary: "Neue Updates von Oracle Linux aufgenommen",
            },
            {
               date: "2020-11-26T23:00:00.000+00:00",
               number: "7",
               summary: "Workaround von AVAYA aufgenommen",
            },
            {
               date: "2020-11-30T23:00:00.000+00:00",
               number: "8",
               summary: "Neue Updates von SUSE aufgenommen",
            },
            {
               date: "2020-12-02T23:00:00.000+00:00",
               number: "9",
               summary: "Neue Updates von SUSE aufgenommen",
            },
            {
               date: "2020-12-08T23:00:00.000+00:00",
               number: "10",
               summary: "Neue Updates von AVAYA aufgenommen",
            },
            {
               date: "2020-12-09T23:00:00.000+00:00",
               number: "11",
               summary: "Neue Updates von AVAYA und SUSE aufgenommen",
            },
            {
               date: "2020-12-16T23:00:00.000+00:00",
               number: "12",
               summary: "Neue Updates von AVAYA aufgenommen",
            },
            {
               date: "2021-01-14T23:00:00.000+00:00",
               number: "13",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
            {
               date: "2021-01-25T23:00:00.000+00:00",
               number: "14",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
            {
               date: "2021-02-02T23:00:00.000+00:00",
               number: "15",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
            {
               date: "2021-02-08T23:00:00.000+00:00",
               number: "16",
               summary: "Neue Updates von Red Hat und SUSE aufgenommen",
            },
            {
               date: "2021-02-09T23:00:00.000+00:00",
               number: "17",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
            {
               date: "2021-02-24T23:00:00.000+00:00",
               number: "18",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
            {
               date: "2021-03-21T23:00:00.000+00:00",
               number: "19",
               summary: "Neue Updates von SUSE aufgenommen",
            },
            {
               date: "2021-03-24T23:00:00.000+00:00",
               number: "20",
               summary: "Neue Updates von SUSE aufgenommen",
            },
            {
               date: "2021-04-08T22:00:00.000+00:00",
               number: "21",
               summary: "Neue Updates von SUSE aufgenommen",
            },
            {
               date: "2021-04-29T22:00:00.000+00:00",
               number: "22",
               summary: "Neue Updates von Debian aufgenommen",
            },
            {
               date: "2021-05-18T22:00:00.000+00:00",
               number: "23",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
            {
               date: "2021-05-19T22:00:00.000+00:00",
               number: "24",
               summary: "Neue Updates von SUSE aufgenommen",
            },
            {
               date: "2021-05-24T22:00:00.000+00:00",
               number: "25",
               summary: "Neue Updates von Amazon aufgenommen",
            },
            {
               date: "2021-05-26T22:00:00.000+00:00",
               number: "26",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
            {
               date: "2021-05-27T22:00:00.000+00:00",
               number: "27",
               summary: "Neue Updates von SUSE aufgenommen",
            },
            {
               date: "2021-05-31T22:00:00.000+00:00",
               number: "28",
               summary: "Neue Updates von SUSE aufgenommen",
            },
            {
               date: "2021-08-05T22:00:00.000+00:00",
               number: "29",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
            {
               date: "2021-11-07T23:00:00.000+00:00",
               number: "30",
               summary: "Neue Updates von Oracle Linux aufgenommen",
            },
            {
               date: "2021-11-09T23:00:00.000+00:00",
               number: "31",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
            {
               date: "2021-12-26T23:00:00.000+00:00",
               number: "32",
               summary: "Neue Updates von Debian aufgenommen",
            },
            {
               date: "2022-02-22T23:00:00.000+00:00",
               number: "33",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
            {
               date: "2022-03-09T23:00:00.000+00:00",
               number: "34",
               summary: "Neue Updates von Oracle Linux aufgenommen",
            },
            {
               date: "2022-03-10T23:00:00.000+00:00",
               number: "35",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
            {
               date: "2022-06-08T22:00:00.000+00:00",
               number: "36",
               summary: "Neue Updates von Ubuntu aufgenommen",
            },
            {
               date: "2022-06-28T22:00:00.000+00:00",
               number: "37",
               summary: "Neue Updates von Red Hat aufgenommen",
            },
            {
               date: "2022-06-29T22:00:00.000+00:00",
               number: "38",
               summary: "Neue Updates von Oracle Linux aufgenommen",
            },
            {
               date: "2022-08-03T22:00:00.000+00:00",
               number: "39",
               summary: "Neue Updates von CentOS aufgenommen",
            },
            {
               date: "2022-08-24T22:00:00.000+00:00",
               number: "40",
               summary: "Neue Updates von Ubuntu aufgenommen",
            },
            {
               date: "2022-11-10T23:00:00.000+00:00",
               number: "41",
               summary: "Neue Updates von NetApp aufgenommen",
            },
            {
               date: "2023-09-27T22:00:00.000+00:00",
               number: "42",
               summary: "Neue Updates von Amazon aufgenommen",
            },
         ],
         status: "final",
         version: "42",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  category: "product_name",
                  name: "Amazon Linux 2",
                  product: {
                     name: "Amazon Linux 2",
                     product_id: "398363",
                     product_identification_helper: {
                        cpe: "cpe:/o:amazon:linux_2:-",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Amazon",
         },
         {
            branches: [
               {
                  category: "product_name",
                  name: "Avaya Aura Experience Portal",
                  product: {
                     name: "Avaya Aura Experience Portal",
                     product_id: "T015519",
                     product_identification_helper: {
                        cpe: "cpe:/a:avaya:aura_experience_portal:-",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Avaya",
         },
         {
            branches: [
               {
                  category: "product_name",
                  name: "Debian Linux",
                  product: {
                     name: "Debian Linux",
                     product_id: "2951",
                     product_identification_helper: {
                        cpe: "cpe:/o:debian:debian_linux:-",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Debian",
         },
         {
            branches: [
               {
                  category: "product_name",
                  name: "NetApp ActiveIQ Unified Manager",
                  product: {
                     name: "NetApp ActiveIQ Unified Manager",
                     product_id: "658714",
                     product_identification_helper: {
                        cpe: "cpe:/a:netapp:active_iq_unified_manager:-::~~~vmware_vsphere~~",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "NetApp",
         },
         {
            branches: [
               {
                  category: "product_name",
                  name: "Open Source CentOS",
                  product: {
                     name: "Open Source CentOS",
                     product_id: "1727",
                     product_identification_helper: {
                        cpe: "cpe:/o:centos:centos:-",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Open Source",
         },
         {
            branches: [
               {
                  category: "product_name",
                  name: "Oracle Linux",
                  product: {
                     name: "Oracle Linux",
                     product_id: "T004914",
                     product_identification_helper: {
                        cpe: "cpe:/o:oracle:linux:-",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Oracle",
         },
         {
            branches: [
               {
                  category: "product_name",
                  name: "Red Hat Enterprise Linux 8",
                  product: {
                     name: "Red Hat Enterprise Linux 8",
                     product_id: "T014111",
                     product_identification_helper: {
                        cpe: "cpe:/o:redhat:enterprise_linux:8",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Red Hat",
         },
         {
            branches: [
               {
                  category: "product_name",
                  name: "SUSE Linux",
                  product: {
                     name: "SUSE Linux",
                     product_id: "T002207",
                     product_identification_helper: {
                        cpe: "cpe:/o:suse:suse_linux:-",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
         {
            branches: [
               {
                  category: "product_name",
                  name: "Ubuntu Linux",
                  product: {
                     name: "Ubuntu Linux",
                     product_id: "T000126",
                     product_identification_helper: {
                        cpe: "cpe:/o:canonical:ubuntu_linux:-",
                     },
                  },
               },
            ],
            category: "vendor",
            name: "Ubuntu",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2019-13627",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2019-13627",
      },
      {
         cve: "CVE-2019-14559",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2019-14559",
      },
      {
         cve: "CVE-2019-15165",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2019-15165",
      },
      {
         cve: "CVE-2019-15892",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2019-15892",
      },
      {
         cve: "CVE-2019-16167",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2019-16167",
      },
      {
         cve: "CVE-2019-16680",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2019-16680",
      },
      {
         cve: "CVE-2019-20446",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2019-20446",
      },
      {
         cve: "CVE-2019-20637",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2019-20637",
      },
      {
         cve: "CVE-2019-20916",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2019-20916",
      },
      {
         cve: "CVE-2020-10737",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2020-10737",
      },
      {
         cve: "CVE-2020-10759",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2020-10759",
      },
      {
         cve: "CVE-2020-11078",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2020-11078",
      },
      {
         cve: "CVE-2020-11653",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2020-11653",
      },
      {
         cve: "CVE-2020-11736",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2020-11736",
      },
      {
         cve: "CVE-2020-12831",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2020-12831",
      },
      {
         cve: "CVE-2020-14382",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2020-14382",
      },
      {
         cve: "CVE-2020-14928",
         notes: [
            {
               category: "description",
               text: "In Red Hat Enterprise Linux existieren mehrere Schwachstellen in den Komponenten python-pip, gnome-software, libgcrypt, cryptsetup, libpcap, resource-agents, frr, sysstat, evolution, oddjob, librsvg2, edk2, file-roller und varnish:6. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Verfügbarkeit, Integrität und Vertraulichkeit zu gefährden.",
            },
         ],
         product_status: {
            known_affected: [
               "T015519",
               "2951",
               "T002207",
               "T000126",
               "398363",
               "658714",
               "1727",
               "T004914",
               "T014111",
            ],
         },
         release_date: "2020-11-03T23:00:00.000+00:00",
         title: "CVE-2020-14928",
      },
   ],
}

cve-2019-13627

Vulnerability from cvelistv5

Published

2019-09-25 14:44

Modified

2024-08-04 23:57

Severity ?

Summary

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.

References

▼	URL	Tags
	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html	vendor-advisory, x_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html	mailing-list, x_refsource_MLIST
	https://security-tracker.debian.org/tracker/CVE-2019-13627	x_refsource_MISC
	https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/10/02/2	mailing-list, x_refsource_MLIST
	https://minerva.crocs.fi.muni.cz/	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4236-1/	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/4236-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/4236-3/	vendor-advisory, x_refsource_UBUNTU
	https://security.gentoo.org/glsa/202003-32	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T23:57:39.524Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openSUSE-SU-2019:2161",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html",
               },
               {
                  name: "[debian-lts-announce] 20190924 [SECURITY] [DLA 1931-1] libgcrypt20 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/CVE-2019-13627",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5",
               },
               {
                  name: "[oss-security] 20191002 Minerva: ECDSA key recovery from bit-length leakage",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/10/02/2",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://minerva.crocs.fi.muni.cz/",
               },
               {
                  name: "[debian-lts-announce] 20200101 [SECURITY] [DLA 1931-2] libgcrypt20 regression update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html",
               },
               {
                  name: "USN-4236-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4236-1/",
               },
               {
                  name: "openSUSE-SU-2020:0022",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html",
               },
               {
                  name: "USN-4236-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4236-2/",
               },
               {
                  name: "USN-4236-3",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4236-3/",
               },
               {
                  name: "GLSA-202003-32",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202003-32",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-03-15T20:06:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "openSUSE-SU-2019:2161",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html",
            },
            {
               name: "[debian-lts-announce] 20190924 [SECURITY] [DLA 1931-1] libgcrypt20 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://security-tracker.debian.org/tracker/CVE-2019-13627",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5",
            },
            {
               name: "[oss-security] 20191002 Minerva: ECDSA key recovery from bit-length leakage",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/10/02/2",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://minerva.crocs.fi.muni.cz/",
            },
            {
               name: "[debian-lts-announce] 20200101 [SECURITY] [DLA 1931-2] libgcrypt20 regression update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html",
            },
            {
               name: "USN-4236-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4236-1/",
            },
            {
               name: "openSUSE-SU-2020:0022",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html",
            },
            {
               name: "USN-4236-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4236-2/",
            },
            {
               name: "USN-4236-3",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4236-3/",
            },
            {
               name: "GLSA-202003-32",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202003-32",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-13627",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "openSUSE-SU-2019:2161",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html",
                  },
                  {
                     name: "[debian-lts-announce] 20190924 [SECURITY] [DLA 1931-1] libgcrypt20 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html",
                  },
                  {
                     name: "https://security-tracker.debian.org/tracker/CVE-2019-13627",
                     refsource: "MISC",
                     url: "https://security-tracker.debian.org/tracker/CVE-2019-13627",
                  },
                  {
                     name: "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5",
                     refsource: "MISC",
                     url: "https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5",
                  },
                  {
                     name: "[oss-security] 20191002 Minerva: ECDSA key recovery from bit-length leakage",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2019/10/02/2",
                  },
                  {
                     name: "https://minerva.crocs.fi.muni.cz/",
                     refsource: "MISC",
                     url: "https://minerva.crocs.fi.muni.cz/",
                  },
                  {
                     name: "[debian-lts-announce] 20200101 [SECURITY] [DLA 1931-2] libgcrypt20 regression update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html",
                  },
                  {
                     name: "USN-4236-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4236-1/",
                  },
                  {
                     name: "openSUSE-SU-2020:0022",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html",
                  },
                  {
                     name: "USN-4236-2",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4236-2/",
                  },
                  {
                     name: "USN-4236-3",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4236-3/",
                  },
                  {
                     name: "GLSA-202003-32",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202003-32",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-13627",
      datePublished: "2019-09-25T14:44:45",
      dateReserved: "2019-07-17T00:00:00",
      dateUpdated: "2024-08-04T23:57:39.524Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-15165

Vulnerability from cvelistv5

Published

2019-10-03 18:38

Modified

2024-08-05 00:42

Severity ?

Summary

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

References

▼	URL	Tags
	https://www.tcpdump.org/public-cve-list.txt	x_refsource_CONFIRM
	https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES	x_refsource_CONFIRM
	https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6	x_refsource_CONFIRM
	https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html	vendor-advisory, x_refsource_SUSE
	https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/	vendor-advisory, x_refsource_FEDORA
	https://support.apple.com/kb/HT210788	x_refsource_CONFIRM
	https://support.apple.com/kb/HT210790	x_refsource_CONFIRM
	https://support.apple.com/kb/HT210785	x_refsource_CONFIRM
	https://support.apple.com/kb/HT210789	x_refsource_CONFIRM
	https://usn.ubuntu.com/4221-1/	vendor-advisory, x_refsource_UBUNTU
	https://seclists.org/bugtraq/2019/Dec/23	mailing-list, x_refsource_BUGTRAQ
	http://seclists.org/fulldisclosure/2019/Dec/26	mailing-list, x_refsource_FULLDISC
	https://usn.ubuntu.com/4221-2/	vendor-advisory, x_refsource_UBUNTU
	https://www.oracle.com/security-alerts/cpuapr2020.html	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:42:03.742Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.tcpdump.org/public-cve-list.txt",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab",
               },
               {
                  name: "openSUSE-SU-2019:2343",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html",
               },
               {
                  name: "openSUSE-SU-2019:2345",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html",
               },
               {
                  name: "[debian-lts-announce] 20191021 [SECURITY] [DLA 1967-1] libpcap security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html",
               },
               {
                  name: "FEDORA-2019-eaa681d33e",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/",
               },
               {
                  name: "FEDORA-2019-4fe461079f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/",
               },
               {
                  name: "FEDORA-2019-b92ce3144a",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT210788",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT210790",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT210785",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT210789",
               },
               {
                  name: "USN-4221-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4221-1/",
               },
               {
                  name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Dec/23",
               },
               {
                  name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2019/Dec/26",
               },
               {
                  name: "USN-4221-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4221-2/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
               },
               {
                  name: "[debian-lts-announce] 20211226 [SECURITY] [DLA 2850-1] libpcap security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-12-26T21:06:09",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.tcpdump.org/public-cve-list.txt",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab",
            },
            {
               name: "openSUSE-SU-2019:2343",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html",
            },
            {
               name: "openSUSE-SU-2019:2345",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html",
            },
            {
               name: "[debian-lts-announce] 20191021 [SECURITY] [DLA 1967-1] libpcap security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html",
            },
            {
               name: "FEDORA-2019-eaa681d33e",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/",
            },
            {
               name: "FEDORA-2019-4fe461079f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/",
            },
            {
               name: "FEDORA-2019-b92ce3144a",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT210788",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT210790",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT210785",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.apple.com/kb/HT210789",
            },
            {
               name: "USN-4221-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4221-1/",
            },
            {
               name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Dec/23",
            },
            {
               name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://seclists.org/fulldisclosure/2019/Dec/26",
            },
            {
               name: "USN-4221-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4221-2/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
            },
            {
               name: "[debian-lts-announce] 20211226 [SECURITY] [DLA 2850-1] libpcap security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-15165",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.tcpdump.org/public-cve-list.txt",
                     refsource: "CONFIRM",
                     url: "https://www.tcpdump.org/public-cve-list.txt",
                  },
                  {
                     name: "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES",
                     refsource: "CONFIRM",
                     url: "https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES",
                  },
                  {
                     name: "https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6",
                     refsource: "CONFIRM",
                     url: "https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6",
                  },
                  {
                     name: "https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab",
                     refsource: "CONFIRM",
                     url: "https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab",
                  },
                  {
                     name: "openSUSE-SU-2019:2343",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html",
                  },
                  {
                     name: "openSUSE-SU-2019:2345",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html",
                  },
                  {
                     name: "[debian-lts-announce] 20191021 [SECURITY] [DLA 1967-1] libpcap security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html",
                  },
                  {
                     name: "FEDORA-2019-eaa681d33e",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3/",
                  },
                  {
                     name: "FEDORA-2019-4fe461079f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZTIPUWABYUE5KQOLCKAW65AUUSB7QO6/",
                  },
                  {
                     name: "FEDORA-2019-b92ce3144a",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/",
                  },
                  {
                     name: "https://support.apple.com/kb/HT210788",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT210788",
                  },
                  {
                     name: "https://support.apple.com/kb/HT210790",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT210790",
                  },
                  {
                     name: "https://support.apple.com/kb/HT210785",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT210785",
                  },
                  {
                     name: "https://support.apple.com/kb/HT210789",
                     refsource: "CONFIRM",
                     url: "https://support.apple.com/kb/HT210789",
                  },
                  {
                     name: "USN-4221-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4221-1/",
                  },
                  {
                     name: "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Dec/23",
                  },
                  {
                     name: "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
                     refsource: "FULLDISC",
                     url: "http://seclists.org/fulldisclosure/2019/Dec/26",
                  },
                  {
                     name: "USN-4221-2",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4221-2/",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  },
                  {
                     name: "[debian-lts-announce] 20211226 [SECURITY] [DLA 2850-1] libpcap security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00014.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-15165",
      datePublished: "2019-10-03T18:38:07",
      dateReserved: "2019-08-19T00:00:00",
      dateUpdated: "2024-08-05T00:42:03.742Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-14928

Vulnerability from cvelistv5

Published

2020-07-17 15:30

Modified

2024-08-04 13:00

Severity ?

Summary

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

References

▼	URL	Tags
	https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html	x_refsource_CONFIRM
	https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df	x_refsource_CONFIRM
	https://security-tracker.debian.org/tracker/DSA-4725-1	x_refsource_CONFIRM
	https://security-tracker.debian.org/tracker/DLA-2281-1	x_refsource_CONFIRM
	https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac	x_refsource_CONFIRM
	https://bugzilla.suse.com/show_bug.cgi?id=1173910	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4725	vendor-advisory, x_refsource_DEBIAN
	https://usn.ubuntu.com/4429-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T13:00:52.067Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/DSA-4725-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/DLA-2281-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.suse.com/show_bug.cgi?id=1173910",
               },
               {
                  name: "DSA-4725",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2020/dsa-4725",
               },
               {
                  name: "USN-4429-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4429-1/",
               },
               {
                  name: "FEDORA-2020-45041afb19",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a \"begin TLS\" response, eds reads additional data and evaluates it in a TLS context, aka \"response injection.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-01T05:06:23",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security-tracker.debian.org/tracker/DSA-4725-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security-tracker.debian.org/tracker/DLA-2281-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.suse.com/show_bug.cgi?id=1173910",
            },
            {
               name: "DSA-4725",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2020/dsa-4725",
            },
            {
               name: "USN-4429-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4429-1/",
            },
            {
               name: "FEDORA-2020-45041afb19",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-14928",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a \"begin TLS\" response, eds reads additional data and evaluates it in a TLS context, aka \"response injection.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226",
                     refsource: "MISC",
                     url: "https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226",
                  },
                  {
                     name: "https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html",
                     refsource: "CONFIRM",
                     url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html",
                  },
                  {
                     name: "https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df",
                     refsource: "CONFIRM",
                     url: "https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df",
                  },
                  {
                     name: "https://security-tracker.debian.org/tracker/DSA-4725-1",
                     refsource: "CONFIRM",
                     url: "https://security-tracker.debian.org/tracker/DSA-4725-1",
                  },
                  {
                     name: "https://security-tracker.debian.org/tracker/DLA-2281-1",
                     refsource: "CONFIRM",
                     url: "https://security-tracker.debian.org/tracker/DLA-2281-1",
                  },
                  {
                     name: "https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac",
                     refsource: "CONFIRM",
                     url: "https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac",
                  },
                  {
                     name: "https://bugzilla.suse.com/show_bug.cgi?id=1173910",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.suse.com/show_bug.cgi?id=1173910",
                  },
                  {
                     name: "DSA-4725",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2020/dsa-4725",
                  },
                  {
                     name: "USN-4429-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4429-1/",
                  },
                  {
                     name: "FEDORA-2020-45041afb19",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-14928",
      datePublished: "2020-07-17T15:30:42",
      dateReserved: "2020-06-19T00:00:00",
      dateUpdated: "2024-08-04T13:00:52.067Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11653

Vulnerability from cvelistv5

Published

2020-04-08 00:00

Modified

2024-08-04 11:35

Severity ?

Summary

An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.

References

▼	URL	Tags
	https://varnish-cache.org/security/VSV00005.html#vsv00005
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:35:13.694Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://varnish-cache.org/security/VSV00005.html#vsv00005",
               },
               {
                  name: "openSUSE-SU-2020:0819",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html",
               },
               {
                  name: "openSUSE-SU-2020:0808",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html",
               },
               {
                  name: "[debian-lts-announce] 20221127 [SECURITY] [DLA 3208-1] varnish security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-28T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://varnish-cache.org/security/VSV00005.html#vsv00005",
            },
            {
               name: "openSUSE-SU-2020:0819",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html",
            },
            {
               name: "openSUSE-SU-2020:0808",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html",
            },
            {
               name: "[debian-lts-announce] 20221127 [SECURITY] [DLA 3208-1] varnish security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00036.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11653",
      datePublished: "2020-04-08T00:00:00",
      dateReserved: "2020-04-08T00:00:00",
      dateUpdated: "2024-08-04T11:35:13.694Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-10759

Vulnerability from cvelistv5

Published

2020-09-15 18:37

Modified

2024-08-04 11:14

Severity ?

Summary

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.

References

▼	URL	Tags
	https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1844316	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	fwupd	Version: all verions of fwupd

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:14:14.965Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1844316",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "fwupd",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "all verions of fwupd",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-347",
                     description: "CWE-347",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-15T18:37:45",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1844316",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2020-10759",
      datePublished: "2020-09-15T18:37:45",
      dateReserved: "2020-03-20T00:00:00",
      dateUpdated: "2024-08-04T11:14:14.965Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-12831

Vulnerability from cvelistv5

Published

2020-05-13 17:42

Modified

2024-08-04 12:04

Severity ?

Summary

An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1830805	x_refsource_MISC
	https://github.com/FRRouting/frr/pull/6383	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2020-12831",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-06-26T19:54:04.010013Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-26T19:54:11.534Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:04:22.891Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1830805",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/FRRouting/frr/pull/6383",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-05-13T17:42:36",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1830805",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/FRRouting/frr/pull/6383",
            },
         ],
         tags: [
            "disputed",
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-12831",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1830805",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1830805",
                  },
                  {
                     name: "https://github.com/FRRouting/frr/pull/6383",
                     refsource: "MISC",
                     url: "https://github.com/FRRouting/frr/pull/6383",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-12831",
      datePublished: "2020-05-13T17:42:36",
      dateReserved: "2020-05-13T00:00:00",
      dateUpdated: "2024-08-04T12:04:22.891Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-14382

Vulnerability from cvelistv5

Published

2020-09-16 14:37

Modified

2024-08-04 12:46

Severity ?

Summary

A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement "intervals = malloc(first_backup * sizeof(*intervals));"). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=1874712	x_refsource_MISC
	https://usn.ubuntu.com/4493-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJTQ4KSVCW2NMSU5WFVPOHY46WMNF4OB/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD6YSD63LLRRC4WQ7DJLSXWNUCY6FWBM/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	cryptsetup	Version: cryptsetup-2.2.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:46:34.336Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1874712",
               },
               {
                  name: "USN-4493-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4493-1/",
               },
               {
                  name: "FEDORA-2020-5ed5af6275",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJTQ4KSVCW2NMSU5WFVPOHY46WMNF4OB/",
               },
               {
                  name: "FEDORA-2020-8c76e12e62",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD6YSD63LLRRC4WQ7DJLSXWNUCY6FWBM/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "cryptsetup",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "cryptsetup-2.2.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement \"intervals = malloc(first_backup * sizeof(*intervals));\"). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Out-of-bounds write",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-25T19:06:14",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1874712",
            },
            {
               name: "USN-4493-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4493-1/",
            },
            {
               name: "FEDORA-2020-5ed5af6275",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OJTQ4KSVCW2NMSU5WFVPOHY46WMNF4OB/",
            },
            {
               name: "FEDORA-2020-8c76e12e62",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD6YSD63LLRRC4WQ7DJLSXWNUCY6FWBM/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2020-14382",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "cryptsetup",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "cryptsetup-2.2.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container. The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for possible overflow on memory allocation used for intervals array (see statement \"intervals = malloc(first_backup * sizeof(*intervals));\"). Due to the bug, library can be *tricked* to expect such allocation was successful but for far less memory then originally expected. Later it may read data FROM image crafted by an attacker and actually write such data BEYOND allocated memory.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Out-of-bounds write",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1874712",
                     refsource: "MISC",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1874712",
                  },
                  {
                     name: "USN-4493-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4493-1/",
                  },
                  {
                     name: "FEDORA-2020-5ed5af6275",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OJTQ4KSVCW2NMSU5WFVPOHY46WMNF4OB/",
                  },
                  {
                     name: "FEDORA-2020-8c76e12e62",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TD6YSD63LLRRC4WQ7DJLSXWNUCY6FWBM/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2020-14382",
      datePublished: "2020-09-16T14:37:52",
      dateReserved: "2020-06-17T00:00:00",
      dateUpdated: "2024-08-04T12:46:34.336Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-20637

Vulnerability from cvelistv5

Published

2020-04-08 23:01

Modified

2024-08-05 02:46

Severity ?

Summary

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.

References

▼	URL	Tags
	http://varnish-cache.org/security/VSV00004.html#vsv00004	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:46:10.452Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://varnish-cache.org/security/VSV00004.html#vsv00004",
               },
               {
                  name: "openSUSE-SU-2020:0819",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html",
               },
               {
                  name: "openSUSE-SU-2020:0808",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-16T15:06:12",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://varnish-cache.org/security/VSV00004.html#vsv00004",
            },
            {
               name: "openSUSE-SU-2020:0819",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html",
            },
            {
               name: "openSUSE-SU-2020:0808",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-20637",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1. It does not clear a pointer between the handling of one client request and the next request within the same connection. This sometimes causes information to be disclosed from the connection workspace, such as data structures associated with previous requests within this connection or VCL-related temporary headers.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://varnish-cache.org/security/VSV00004.html#vsv00004",
                     refsource: "MISC",
                     url: "http://varnish-cache.org/security/VSV00004.html#vsv00004",
                  },
                  {
                     name: "openSUSE-SU-2020:0819",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00031.html",
                  },
                  {
                     name: "openSUSE-SU-2020:0808",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00026.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-20637",
      datePublished: "2020-04-08T23:01:30",
      dateReserved: "2020-04-08T00:00:00",
      dateUpdated: "2024-08-05T02:46:10.452Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11736

Vulnerability from cvelistv5

Published

2020-04-13 18:39

Modified

2024-08-04 11:41

Severity ?

Summary

fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.

References

▼	URL	Tags
	https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020/04/msg00013.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/4332-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/4332-2/	vendor-advisory, x_refsource_UBUNTU
	https://security.gentoo.org/glsa/202009-06	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:41:58.820Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0",
               },
               {
                  name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2180-1] file-roller security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00013.html",
               },
               {
                  name: "USN-4332-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4332-1/",
               },
               {
                  name: "USN-4332-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4332-2/",
               },
               {
                  name: "GLSA-202009-06",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202009-06",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-09-14T01:06:17",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0",
            },
            {
               name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2180-1] file-roller security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00013.html",
            },
            {
               name: "USN-4332-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4332-1/",
            },
            {
               name: "USN-4332-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4332-2/",
            },
            {
               name: "GLSA-202009-06",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/202009-06",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-11736",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0",
                     refsource: "MISC",
                     url: "https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0",
                  },
                  {
                     name: "[debian-lts-announce] 20200417 [SECURITY] [DLA 2180-1] file-roller security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/04/msg00013.html",
                  },
                  {
                     name: "USN-4332-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4332-1/",
                  },
                  {
                     name: "USN-4332-2",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4332-2/",
                  },
                  {
                     name: "GLSA-202009-06",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/202009-06",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-11736",
      datePublished: "2020-04-13T18:39:26",
      dateReserved: "2020-04-13T00:00:00",
      dateUpdated: "2024-08-04T11:41:58.820Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-11078

Vulnerability from cvelistv5

Published

2020-05-20 16:00

Modified

2024-08-04 11:21

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Summary

In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.

References

▼	URL	Tags
	https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq	x_refsource_CONFIRM
	https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e	x_refsource_MISC
	https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89%40%3Ccommits.allura.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc%40%3Cissues.beam.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/	vendor-advisory, x_refsource_FEDORA
	https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f%40%3Cissues.beam.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23%40%3Cissues.beam.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202%40%3Cissues.beam.apache.org%3E	mailing-list, x_refsource_MLIST
	https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1%40%3Cissues.beam.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	httplib2	httplib2	Version: < 0.81.0

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:21:14.627Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e",
               },
               {
                  name: "[allura-commits] 20200521 [allura] branch master updated: Upgrade httplib2 for CVE-2020-11078",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89%40%3Ccommits.allura.apache.org%3E",
               },
               {
                  name: "[debian-lts-announce] 20200601 [SECURITY] [DLA 2232-1] python-httplib2 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html",
               },
               {
                  name: "[beam-issues] 20200602 [jira] [Created] (BEAM-10180) Upgrade httplib2 to > 0.18.0 to resolve CVE-2020-11078",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc%40%3Cissues.beam.apache.org%3E",
               },
               {
                  name: "FEDORA-2020-a7a15a9687",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/",
               },
               {
                  name: "FEDORA-2020-37779a5c93",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/",
               },
               {
                  name: "[beam-issues] 20200802 [jira] [Commented] (BEAM-10180) Upgrade httplib2 to > 0.18.0 to resolve CVE-2020-11078",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f%40%3Cissues.beam.apache.org%3E",
               },
               {
                  name: "[beam-issues] 20200802 [jira] [Updated] (BEAM-10180) Upgrade httplib2 to > 0.18.0 to resolve CVE-2020-11078",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23%40%3Cissues.beam.apache.org%3E",
               },
               {
                  name: "[beam-issues] 20200816 [jira] [Commented] (BEAM-10180) Upgrade httplib2 to > 0.18.0 to resolve CVE-2020-11078",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202%40%3Cissues.beam.apache.org%3E",
               },
               {
                  name: "[beam-issues] 20200816 [jira] [Updated] (BEAM-10180) Upgrade httplib2 to > 0.18.0 to resolve CVE-2020-11078",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1%40%3Cissues.beam.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "httplib2",
               vendor: "httplib2",
               versions: [
                  {
                     status: "affected",
                     version: "< 0.81.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-93",
                     description: "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-16T18:06:04",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e",
            },
            {
               name: "[allura-commits] 20200521 [allura] branch master updated: Upgrade httplib2 for CVE-2020-11078",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89%40%3Ccommits.allura.apache.org%3E",
            },
            {
               name: "[debian-lts-announce] 20200601 [SECURITY] [DLA 2232-1] python-httplib2 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html",
            },
            {
               name: "[beam-issues] 20200602 [jira] [Created] (BEAM-10180) Upgrade httplib2 to > 0.18.0 to resolve CVE-2020-11078",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc%40%3Cissues.beam.apache.org%3E",
            },
            {
               name: "FEDORA-2020-a7a15a9687",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/",
            },
            {
               name: "FEDORA-2020-37779a5c93",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/",
            },
            {
               name: "[beam-issues] 20200802 [jira] [Commented] (BEAM-10180) Upgrade httplib2 to > 0.18.0 to resolve CVE-2020-11078",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f%40%3Cissues.beam.apache.org%3E",
            },
            {
               name: "[beam-issues] 20200802 [jira] [Updated] (BEAM-10180) Upgrade httplib2 to > 0.18.0 to resolve CVE-2020-11078",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23%40%3Cissues.beam.apache.org%3E",
            },
            {
               name: "[beam-issues] 20200816 [jira] [Commented] (BEAM-10180) Upgrade httplib2 to > 0.18.0 to resolve CVE-2020-11078",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202%40%3Cissues.beam.apache.org%3E",
            },
            {
               name: "[beam-issues] 20200816 [jira] [Updated] (BEAM-10180) Upgrade httplib2 to > 0.18.0 to resolve CVE-2020-11078",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1%40%3Cissues.beam.apache.org%3E",
            },
         ],
         source: {
            advisory: "GHSA-gg84-qgv9-w4pq",
            discovery: "UNKNOWN",
         },
         title: "CRLF injection in httplib2",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security-advisories@github.com",
               ID: "CVE-2020-11078",
               STATE: "PUBLIC",
               TITLE: "CRLF injection in httplib2",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "httplib2",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "< 0.81.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "httplib2",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
                  version: "3.1",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq",
                     refsource: "CONFIRM",
                     url: "https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq",
                  },
                  {
                     name: "https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e",
                     refsource: "MISC",
                     url: "https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e",
                  },
                  {
                     name: "[allura-commits] 20200521 [allura] branch master updated: Upgrade httplib2 for CVE-2020-11078",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89@%3Ccommits.allura.apache.org%3E",
                  },
                  {
                     name: "[debian-lts-announce] 20200601 [SECURITY] [DLA 2232-1] python-httplib2 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html",
                  },
                  {
                     name: "[beam-issues] 20200602 [jira] [Created] (BEAM-10180) Upgrade httplib2 to > 0.18.0 to resolve CVE-2020-11078",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc@%3Cissues.beam.apache.org%3E",
                  },
                  {
                     name: "FEDORA-2020-a7a15a9687",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/",
                  },
                  {
                     name: "FEDORA-2020-37779a5c93",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/",
                  },
                  {
                     name: "[beam-issues] 20200802 [jira] [Commented] (BEAM-10180) Upgrade httplib2 to > 0.18.0 to resolve CVE-2020-11078",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f@%3Cissues.beam.apache.org%3E",
                  },
                  {
                     name: "[beam-issues] 20200802 [jira] [Updated] (BEAM-10180) Upgrade httplib2 to > 0.18.0 to resolve CVE-2020-11078",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23@%3Cissues.beam.apache.org%3E",
                  },
                  {
                     name: "[beam-issues] 20200816 [jira] [Commented] (BEAM-10180) Upgrade httplib2 to > 0.18.0 to resolve CVE-2020-11078",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202@%3Cissues.beam.apache.org%3E",
                  },
                  {
                     name: "[beam-issues] 20200816 [jira] [Updated] (BEAM-10180) Upgrade httplib2 to > 0.18.0 to resolve CVE-2020-11078",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1@%3Cissues.beam.apache.org%3E",
                  },
               ],
            },
            source: {
               advisory: "GHSA-gg84-qgv9-w4pq",
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2020-11078",
      datePublished: "2020-05-20T16:00:16",
      dateReserved: "2020-03-30T00:00:00",
      dateUpdated: "2024-08-04T11:21:14.627Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-20446

Vulnerability from cvelistv5

Published

2020-02-02 00:00

Modified

2024-08-05 02:39

Severity ?

Summary

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

References

▼	URL	Tags
	https://gitlab.gnome.org/GNOME/librsvg/issues/515
	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00024.html	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2020/07/msg00016.html	mailing-list
	https://usn.ubuntu.com/4436-1/	vendor-advisory
	https://security.netapp.com/advisory/ntap-20221111-0004/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T02:39:09.924Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://gitlab.gnome.org/GNOME/librsvg/issues/515",
               },
               {
                  name: "openSUSE-SU-2020:0343",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00024.html",
               },
               {
                  name: "FEDORA-2020-f6271d7afa",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/",
               },
               {
                  name: "FEDORA-2020-39e0b8bd14",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/",
               },
               {
                  name: "[debian-lts-announce] 20200722 [SECURITY] [DLA 2285-1] librsvg security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00016.html",
               },
               {
                  name: "USN-4436-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4436-1/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20221111-0004/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-14T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://gitlab.gnome.org/GNOME/librsvg/issues/515",
            },
            {
               name: "openSUSE-SU-2020:0343",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00024.html",
            },
            {
               name: "FEDORA-2020-f6271d7afa",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP/",
            },
            {
               name: "FEDORA-2020-39e0b8bd14",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/",
            },
            {
               name: "[debian-lts-announce] 20200722 [SECURITY] [DLA 2285-1] librsvg security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00016.html",
            },
            {
               name: "USN-4436-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://usn.ubuntu.com/4436-1/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20221111-0004/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-20446",
      datePublished: "2020-02-02T00:00:00",
      dateReserved: "2020-02-02T00:00:00",
      dateUpdated: "2024-08-05T02:39:09.924Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-15892

Vulnerability from cvelistv5

Published

2019-09-03 20:56

Modified

2024-08-05 01:03

Severity ?

Summary

An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.

References

▼	URL	Tags
	https://varnish-cache.org/security/VSV00003.html	x_refsource_MISC
	https://seclists.org/bugtraq/2019/Sep/5	mailing-list, x_refsource_BUGTRAQ
	https://www.debian.org/security/2019/dsa-4514	vendor-advisory, x_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00069.html	vendor-advisory, x_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSF54TDJWJLINIFEW5V5BKDNY5EQRR3/	vendor-advisory, x_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00089.html	vendor-advisory, x_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3OEOCYRU43TWEU2C65F3D6GK64MSWNNK/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DBAQF6UDRSTURGINIMSMLJR4PTDYWA7C/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:03:32.487Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://varnish-cache.org/security/VSV00003.html",
               },
               {
                  name: "20190904 [SECURITY] [DSA 4514-1] varnish security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Sep/5",
               },
               {
                  name: "DSA-4514",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4514",
               },
               {
                  name: "openSUSE-SU-2019:2184",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00069.html",
               },
               {
                  name: "FEDORA-2019-8a85a90af6",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSF54TDJWJLINIFEW5V5BKDNY5EQRR3/",
               },
               {
                  name: "openSUSE-SU-2019:2221",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00089.html",
               },
               {
                  name: "FEDORA-2019-a0a0cdef92",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3OEOCYRU43TWEU2C65F3D6GK64MSWNNK/",
               },
               {
                  name: "FEDORA-2019-feec5e0afd",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DBAQF6UDRSTURGINIMSMLJR4PTDYWA7C/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-10-06T02:06:04",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://varnish-cache.org/security/VSV00003.html",
            },
            {
               name: "20190904 [SECURITY] [DSA 4514-1] varnish security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Sep/5",
            },
            {
               name: "DSA-4514",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4514",
            },
            {
               name: "openSUSE-SU-2019:2184",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00069.html",
            },
            {
               name: "FEDORA-2019-8a85a90af6",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLSF54TDJWJLINIFEW5V5BKDNY5EQRR3/",
            },
            {
               name: "openSUSE-SU-2019:2221",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00089.html",
            },
            {
               name: "FEDORA-2019-a0a0cdef92",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3OEOCYRU43TWEU2C65F3D6GK64MSWNNK/",
            },
            {
               name: "FEDORA-2019-feec5e0afd",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DBAQF6UDRSTURGINIMSMLJR4PTDYWA7C/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-15892",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://varnish-cache.org/security/VSV00003.html",
                     refsource: "MISC",
                     url: "https://varnish-cache.org/security/VSV00003.html",
                  },
                  {
                     name: "20190904 [SECURITY] [DSA 4514-1] varnish security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Sep/5",
                  },
                  {
                     name: "DSA-4514",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4514",
                  },
                  {
                     name: "openSUSE-SU-2019:2184",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00069.html",
                  },
                  {
                     name: "FEDORA-2019-8a85a90af6",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KLSF54TDJWJLINIFEW5V5BKDNY5EQRR3/",
                  },
                  {
                     name: "openSUSE-SU-2019:2221",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00089.html",
                  },
                  {
                     name: "FEDORA-2019-a0a0cdef92",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OEOCYRU43TWEU2C65F3D6GK64MSWNNK/",
                  },
                  {
                     name: "FEDORA-2019-feec5e0afd",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DBAQF6UDRSTURGINIMSMLJR4PTDYWA7C/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-15892",
      datePublished: "2019-09-03T20:56:18",
      dateReserved: "2019-09-03T00:00:00",
      dateUpdated: "2024-08-05T01:03:32.487Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-14559

Vulnerability from cvelistv5

Published

2020-11-23 15:50

Modified

2024-08-05 00:19

Severity ?

Summary

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

References

▼	URL	Tags
	https://bugzilla.tianocore.org/show_bug.cgi?id=2031	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	Extensible Firmware Interface Development Kit (EDK II)	Version: EDK II

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T00:19:41.363Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2031",
               },
               {
                  name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Extensible Firmware Interface Development Kit (EDK II)",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "EDK II",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Denial of Service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-04-29T21:06:27",
            orgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
            shortName: "intel",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2031",
            },
            {
               name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@intel.com",
               ID: "CVE-2019-14559",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Extensible Firmware Interface Development Kit (EDK II)",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "EDK II",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.tianocore.org/show_bug.cgi?id=2031",
                     refsource: "MISC",
                     url: "https://bugzilla.tianocore.org/show_bug.cgi?id=2031",
                  },
                  {
                     name: "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "6dda929c-bb53-4a77-a76d-48e79601a1ce",
      assignerShortName: "intel",
      cveId: "CVE-2019-14559",
      datePublished: "2020-11-23T15:50:32",
      dateReserved: "2019-08-03T00:00:00",
      dateUpdated: "2024-08-05T00:19:41.363Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-16680

Vulnerability from cvelistv5

Published

2019-09-21 20:33

Modified

2024-08-05 01:17

Severity ?

Summary

An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.

References

▼	URL	Tags
	https://bugzilla.gnome.org/show_bug.cgi?id=794337	x_refsource_MISC
	https://gitlab.gnome.org/GNOME/file-roller/commit/57268e51e59b61c9e3125eb0f65551c7084297e2	x_refsource_MISC
	https://gitlab.gnome.org/GNOME/file-roller/commit/e8fb3e24dae711e4fb0d6777e0016cdda8787bc1	x_refsource_MISC
	https://usn.ubuntu.com/4139-1/	vendor-advisory, x_refsource_UBUNTU
	https://www.debian.org/security/2019/dsa-4537	vendor-advisory, x_refsource_DEBIAN
	https://seclists.org/bugtraq/2019/Sep/57	mailing-list, x_refsource_BUGTRAQ
	https://lists.debian.org/debian-lts-announce/2019/09/msg00032.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:17:41.208Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.gnome.org/show_bug.cgi?id=794337",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://gitlab.gnome.org/GNOME/file-roller/commit/57268e51e59b61c9e3125eb0f65551c7084297e2",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://gitlab.gnome.org/GNOME/file-roller/commit/e8fb3e24dae711e4fb0d6777e0016cdda8787bc1",
               },
               {
                  name: "USN-4139-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4139-1/",
               },
               {
                  name: "DSA-4537",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4537",
               },
               {
                  name: "20190929 [SECURITY] [DSA 4537-1] file-roller security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "https://seclists.org/bugtraq/2019/Sep/57",
               },
               {
                  name: "[debian-lts-announce] 20190930 [SECURITY] [DLA 1938-1] file-roller security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00032.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-09-30T09:06:05",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.gnome.org/show_bug.cgi?id=794337",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://gitlab.gnome.org/GNOME/file-roller/commit/57268e51e59b61c9e3125eb0f65551c7084297e2",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://gitlab.gnome.org/GNOME/file-roller/commit/e8fb3e24dae711e4fb0d6777e0016cdda8787bc1",
            },
            {
               name: "USN-4139-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://usn.ubuntu.com/4139-1/",
            },
            {
               name: "DSA-4537",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "https://www.debian.org/security/2019/dsa-4537",
            },
            {
               name: "20190929 [SECURITY] [DSA 4537-1] file-roller security update",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "https://seclists.org/bugtraq/2019/Sep/57",
            },
            {
               name: "[debian-lts-announce] 20190930 [SECURITY] [DLA 1938-1] file-roller security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00032.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-16680",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://bugzilla.gnome.org/show_bug.cgi?id=794337",
                     refsource: "MISC",
                     url: "https://bugzilla.gnome.org/show_bug.cgi?id=794337",
                  },
                  {
                     name: "https://gitlab.gnome.org/GNOME/file-roller/commit/57268e51e59b61c9e3125eb0f65551c7084297e2",
                     refsource: "MISC",
                     url: "https://gitlab.gnome.org/GNOME/file-roller/commit/57268e51e59b61c9e3125eb0f65551c7084297e2",
                  },
                  {
                     name: "https://gitlab.gnome.org/GNOME/file-roller/commit/e8fb3e24dae711e4fb0d6777e0016cdda8787bc1",
                     refsource: "MISC",
                     url: "https://gitlab.gnome.org/GNOME/file-roller/commit/e8fb3e24dae711e4fb0d6777e0016cdda8787bc1",
                  },
                  {
                     name: "USN-4139-1",
                     refsource: "UBUNTU",
                     url: "https://usn.ubuntu.com/4139-1/",
                  },
                  {
                     name: "DSA-4537",
                     refsource: "DEBIAN",
                     url: "https://www.debian.org/security/2019/dsa-4537",
                  },
                  {
                     name: "20190929 [SECURITY] [DSA 4537-1] file-roller security update",
                     refsource: "BUGTRAQ",
                     url: "https://seclists.org/bugtraq/2019/Sep/57",
                  },
                  {
                     name: "[debian-lts-announce] 20190930 [SECURITY] [DLA 1938-1] file-roller security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2019/09/msg00032.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-16680",
      datePublished: "2019-09-21T20:33:21",
      dateReserved: "2019-09-21T00:00:00",
      dateUpdated: "2024-08-05T01:17:41.208Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-10737

Vulnerability from cvelistv5

Published

2020-05-27 00:00

Modified

2024-08-04 11:14

Severity ?

6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Summary

A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.

References

▼	URL	Tags
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10737
	https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch

Impacted products

	Vendor	Product	Version
	Red Hat	oddjob	Version: before 0.34.5 Version: before 0.34.6

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T11:14:14.865Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10737",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "oddjob",
               vendor: "Red Hat",
               versions: [
                  {
                     status: "affected",
                     version: "before 0.34.5",
                  },
                  {
                     status: "affected",
                     version: "before 0.34.6",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path. This flaw allows an attacker to leverage this issue by creating a symlink point to a target folder, which then has its ownership transferred to the new home directory's unprivileged user.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-362",
                     description: "CWE-362",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-10-07T00:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10737",
            },
            {
               url: "https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac?branch",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2020-10737",
      datePublished: "2020-05-27T00:00:00",
      dateReserved: "2020-03-20T00:00:00",
      dateUpdated: "2024-08-04T11:14:14.865Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-20916

Vulnerability from cvelistv5

Published

2020-09-04 19:20

Modified

2024-08-05 03:00

Severity ?

Summary

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.

References

▼	URL	Tags
	https://github.com/pypa/pip/issues/6413	x_refsource_MISC
	https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace	x_refsource_MISC
	https://github.com/pypa/pip/compare/19.1.1...19.2	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html	vendor-advisory, x_refsource_SUSE
	https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:00:17.373Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/pypa/pip/issues/6413",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/pypa/pip/compare/19.1.1...19.2",
               },
               {
                  name: "[debian-lts-announce] 20200911 [SECURITY] [DLA 2370-1] python-pip security update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html",
               },
               {
                  name: "openSUSE-SU-2020:1598",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html",
               },
               {
                  name: "openSUSE-SU-2020:1613",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2022.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-07-25T16:12:52",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/pypa/pip/issues/6413",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/pypa/pip/compare/19.1.1...19.2",
            },
            {
               name: "[debian-lts-announce] 20200911 [SECURITY] [DLA 2370-1] python-pip security update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html",
            },
            {
               name: "openSUSE-SU-2020:1598",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html",
            },
            {
               name: "openSUSE-SU-2020:1613",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2022.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2019-20916",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/pypa/pip/issues/6413",
                     refsource: "MISC",
                     url: "https://github.com/pypa/pip/issues/6413",
                  },
                  {
                     name: "https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace",
                     refsource: "MISC",
                     url: "https://github.com/gzpan123/pip/commit/a4c735b14a62f9cb864533808ac63936704f2ace",
                  },
                  {
                     name: "https://github.com/pypa/pip/compare/19.1.1...19.2",
                     refsource: "MISC",
                     url: "https://github.com/pypa/pip/compare/19.1.1...19.2",
                  },
                  {
                     name: "[debian-lts-announce] 20200911 [SECURITY] [DLA 2370-1] python-pip security update",
                     refsource: "MLIST",
                     url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00010.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1598",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00005.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1613",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00010.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuapr2022.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2022.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2022.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-20916",
      datePublished: "2020-09-04T19:20:55",
      dateReserved: "2020-09-04T00:00:00",
      dateUpdated: "2024-08-05T03:00:17.373Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-16167

Vulnerability from cvelistv5

Published

2019-09-09 00:00

Modified

2024-08-05 01:10

Severity ?

Summary

sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.

References

▼	URL	Tags
	https://github.com/sysstat/sysstat/issues/230
	https://github.com/sysstat/sysstat/compare/v12.1.5...v12.1.6
	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00067.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00068.html	vendor-advisory
	https://usn.ubuntu.com/4242-1/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVSMKUPWIGQYX4G5LZXL7ZBJN3KY6RM3/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T01:10:41.312Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/sysstat/sysstat/issues/230",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/sysstat/sysstat/compare/v12.1.5...v12.1.6",
               },
               {
                  name: "openSUSE-SU-2019:2395",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00067.html",
               },
               {
                  name: "openSUSE-SU-2019:2397",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00068.html",
               },
               {
                  name: "USN-4242-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/4242-1/",
               },
               {
                  name: "FEDORA-2020-9ced76e631",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVSMKUPWIGQYX4G5LZXL7ZBJN3KY6RM3/",
               },
               {
                  name: "[debian-lts-announce] 20221113 [SECURITY] [DLA 3188-1] sysstat security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-14T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/sysstat/sysstat/issues/230",
            },
            {
               url: "https://github.com/sysstat/sysstat/compare/v12.1.5...v12.1.6",
            },
            {
               name: "openSUSE-SU-2019:2395",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00067.html",
            },
            {
               name: "openSUSE-SU-2019:2397",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00068.html",
            },
            {
               name: "USN-4242-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://usn.ubuntu.com/4242-1/",
            },
            {
               name: "FEDORA-2020-9ced76e631",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVSMKUPWIGQYX4G5LZXL7ZBJN3KY6RM3/",
            },
            {
               name: "[debian-lts-announce] 20221113 [SECURITY] [DLA 3188-1] sysstat security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2022/11/msg00014.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-16167",
      datePublished: "2019-09-09T00:00:00",
      dateReserved: "2019-09-09T00:00:00",
      dateUpdated: "2024-08-05T01:10:41.312Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_certbund

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature