All the vulnerabilites related to Siemens - SINEMA Remote Connect Client
var-201611-0180
Vulnerability from variot
A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path ("C:\Program Files*" or the localized equivalent). plural Siemens The product has an installation %PROGRAMFILES% If not using a directory, it is not enclosed in quotes Windows There are vulnerabilities whose privileges are obtained by the search path. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) ,and CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. https://cwe.mitre.org/data/definitions/254.html https://cwe.mitre.org/data/definitions/284.htmlA local user may be able to gain privileges through the Trojan executable. Founded in 1847, Siemens AG of Germany focuses on the fields of electrification, automation and digitization. Siemens is a leader in offshore wind turbine construction, gas turbine and steam turbine power generation, transmission solutions, infrastructure solutions, industrial automation, drive and software solutions, and medical imaging equipment and laboratory diagnostics. There are privilege escalation vulnerabilities in many Siemens products. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0180",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simit",
"scope": "eq",
"trust": 3.3,
"vendor": "siemens",
"version": "9.0"
},
{
"model": "softnet security client",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic wincc runtime",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "7.4"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "sinema server",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "simatic pcs 7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic wincc \\",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic net pc software",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "simatic step 7",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "5.5"
},
{
"model": "telecontrol basic",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "primary setup tool",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.2"
},
{
"model": "security configuration tool",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.1"
},
{
"model": "simatic pcs7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "8.0"
},
{
"model": "simatic winac rtx 2010",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic step 7 \\",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "softnet security client",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "simatic winac rtx f 2010",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic it production suite",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.0"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "78.2"
},
{
"model": "security configuration tool",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic winac rtx f 2010",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "sp2"
},
{
"model": "simatic it production suite",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3"
},
{
"model": "simatic winac rtx 2010",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "sp2"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "professional"
},
{
"model": "simatic pcs 7",
"scope": "lte",
"trust": 0.8,
"vendor": "siemens",
"version": "8.2 until"
},
{
"model": "simatic wincc runtime professional",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.2 to 7.4"
},
{
"model": "sinema remote connect client",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "7.0 sp3 upd 8"
},
{
"model": "simatic step 7",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "5.x"
},
{
"model": "primary setup tool",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "simatic wincc tia portal",
"version": "*"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "75.x"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.3x"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.4x"
},
{
"model": "sinema server",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.2x"
},
{
"model": "simatic wincc sp2 sp2 upd",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.0\u003c7.012"
},
{
"model": "simatic wincc sp3 sp3 upd",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7.0\u003c7.08"
},
{
"model": "simatic net pc-software",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc runtime professional all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "7\u003c14"
},
{
"model": "simatic wincc basic",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc comfort",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc advanced",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc professional all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "sinema remote connect client all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic winac rtx sp2 all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic winac rtx f sp2 all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic it production suite all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "telecontrol server basic sp2",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "softnet security client all",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "v5.0"
},
{
"model": "security configuration tool all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "primary setup tool all",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc \\",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "telecontrol basic",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "13.0"
},
{
"model": "telecontrol server basic",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinema server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v12"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "v12"
},
{
"model": "sinema server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12.0"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12.0-"
},
{
"model": "sinema remote connect client",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc professional",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc comfort",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc basic",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.41"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.32"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.310"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.31"
},
{
"model": "simatic wincc upd4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.3"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.29"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.28"
},
{
"model": "simatic wincc update",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.21"
},
{
"model": "simatic wincc upd4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc upd11",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.2"
},
{
"model": "simatic wincc sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic wincc sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "simatic winac rtx f sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic winac rtx sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2010"
},
{
"model": "simatic step tia portal sp1 upd1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step tia portal sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v13"
},
{
"model": "simatic step tia portal",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7v12"
},
{
"model": "simatic step sp4 hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp3 hf10",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp2 hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp1 hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": "simatic pcs sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "78"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77.1"
},
{
"model": "simatic pcs",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "77"
},
{
"model": "simatic net pc-software sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic net pc-software sp2 hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic net pc-software",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "12"
},
{
"model": "simatic it production suite",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "security configuration tool",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "primary setup tool",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "telecontrol server basic sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "sinema server sp2",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "13"
},
{
"model": "simatic wincc comfort",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc basic",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc advanced",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": "simatic wincc sp3 upd",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.08"
},
{
"model": "simatic wincc sp2 upd",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7.012"
},
{
"model": "simatic step tia portal",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "7v14"
},
{
"model": "simatic net pc-software",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "14"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "primary setup tool",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "security configuration tool",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic it production suite",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic net pc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs7",
"version": "8.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic pcs 7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic step 7 tia portal",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx 2010",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic winac rtx f 2010",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "7.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "7.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc",
"version": "7.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc tia portal",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc runtime",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simit",
"version": "9.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinema remote connect",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "sinema server",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "softnet security client",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "telecontrol basic",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "BID",
"id": "94158"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:security_configuration_tool:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simit:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinema_server:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_net_pc_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7:*:sp4:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:softnet_security_client:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:telecontrol_basic:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_step_7_\\(tia_portal\\):*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):*:*:*:*:basic:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:7.0:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_it_production_suite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_winac_rtx_f_2010:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):*:*:*:*:advanced:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):*:*:*:*:comfort:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:primary_setup_tool:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_winac_rtx_2010:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:sinema_remote_connect:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):-:*:*:*:professional:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_runtime:-:*:*:*:professional:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_pcs7:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WATERSURE and KIANDRA IT",
"sources": [
{
"db": "BID",
"id": "94158"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7165",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-7165",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.2,
"id": "CNVD-2016-10732",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:M/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "MULTIPLE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.2,
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:H/Au:M/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-95985",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.4,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-7165",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7165",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-10732",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-301",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95985",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "VULHUB",
"id": "VHN-95985"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Primary Setup Tool (PST) (All versions \u003c V4.2 HF1), SIMATIC IT Production Suite (All versions \u003c V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions \u003c V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions \u003c V13 SP2), SIMATIC STEP 7 V5.X (All versions \u003c V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions \u003c V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions \u003c V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions \u003c V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions \u003c V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions \u003c V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions \u003c V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions \u003c V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions \u003c V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1), SIMIT V9.0 (All versions \u003c V9.0 SP1), SINEMA Remote Connect Client (All versions \u003c V1.0 SP3), SINEMA Server (All versions \u003c V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions \u003c V4.3 HF1), TeleControl Server Basic (All versions \u003c V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path (\"C:\\Program Files\\*\" or the localized equivalent). plural Siemens The product has an installation %PROGRAMFILES% If not using a directory, it is not enclosed in quotes Windows There are vulnerabilities whose privileges are obtained by the search path. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) ,and CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. https://cwe.mitre.org/data/definitions/254.html https://cwe.mitre.org/data/definitions/284.htmlA local user may be able to gain privileges through the Trojan executable. Founded in 1847, Siemens AG of Germany focuses on the fields of electrification, automation and digitization. Siemens is a leader in offshore wind turbine construction, gas turbine and steam turbine power generation, transmission solutions, infrastructure solutions, industrial automation, drive and software solutions, and medical imaging equipment and laboratory diagnostics. There are privilege escalation vulnerabilities in many Siemens products. Siemens SIMATIC WinCC, etc. Siemens SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system; SIMATIC PCS 7 is a distributed process control system using WinCC",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7165"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "BID",
"id": "94158"
},
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "VULHUB",
"id": "VHN-95985"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7165",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-16-313-02",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-701708",
"trust": 1.7
},
{
"db": "BID",
"id": "94158",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-10732",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899",
"trust": 0.8
},
{
"db": "IVD",
"id": "B4D8EF0B-EEF6-4E09-9B80-86C9B1224D88",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-95985",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "VULHUB",
"id": "VHN-95985"
},
{
"db": "BID",
"id": "94158"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
]
},
"id": "VAR-201611-0180",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "VULHUB",
"id": "VHN-95985"
}
],
"trust": 1.5737990596153848
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
}
]
},
"last_update_date": "2023-12-18T13:09:01.043000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-701708",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf"
},
{
"title": "Patch for a number of Siemens products with privilege escalation vulnerability (CNVD-2016-10732)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/83616"
},
{
"title": "Multiple Siemens Product non-reference Windows Search path vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65670"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95985"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-313-02"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/94158"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-701708.pdf"
},
{
"trust": 1.1,
"url": "http://securityaffairs.co/wordpress/53266/security/cve-2016-7165-siemens.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7165"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7165"
},
{
"trust": 0.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-16-313-02"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "VULHUB",
"id": "VHN-95985"
},
{
"db": "BID",
"id": "94158"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"db": "VULHUB",
"id": "VHN-95985"
},
{
"db": "BID",
"id": "94158"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"db": "NVD",
"id": "CVE-2016-7165"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-08T00:00:00",
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"date": "2016-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"date": "2016-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-95985"
},
{
"date": "2016-11-08T00:00:00",
"db": "BID",
"id": "94158"
},
{
"date": "2016-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"date": "2016-11-15T19:30:02.797000",
"db": "NVD",
"id": "CVE-2016-7165"
},
{
"date": "2016-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-10732"
},
{
"date": "2018-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-95985"
},
{
"date": "2016-11-24T01:08:00",
"db": "BID",
"id": "94158"
},
{
"date": "2016-12-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005899"
},
{
"date": "2018-06-15T01:29:00.310000",
"db": "NVD",
"id": "CVE-2016-7165"
},
{
"date": "2019-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "94158"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Vulnerability gained in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005899"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "b4d8ef0b-eef6-4e09-9b80-86c9b1224d88"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-301"
}
],
"trust": 0.8
}
}
var-201902-0100
Vulnerability from variot
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header. libcurl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to the following vulnerabilities:
1. A stack-based buffer-overflow vulnerability
2. A heap-based buffer-overflow vulnerability
Attackers can exploit these issues to cause denial-of-service conditions. Due to the nature of these issues, arbitrary code execution may be possible, but this has not been confirmed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201903-03
https://security.gentoo.org/
Severity: Normal Title: cURL: Multiple vulnerabilities Date: March 10, 2019 Bugs: #665292, #670026, #677346 ID: 201903-03
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.64.0 >= 7.64.0
Description
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.64.0"
References
[ 1 ] CVE-2018-14618 https://nvd.nist.gov/vuln/detail/CVE-2018-14618 [ 2 ] CVE-2018-16839 https://nvd.nist.gov/vuln/detail/CVE-2018-16839 [ 3 ] CVE-2018-16840 https://nvd.nist.gov/vuln/detail/CVE-2018-16840 [ 4 ] CVE-2018-16842 https://nvd.nist.gov/vuln/detail/CVE-2018-16842 [ 5 ] CVE-2019-3822 https://nvd.nist.gov/vuln/detail/CVE-2019-3822 [ 6 ] CVE-2019-3823 https://nvd.nist.gov/vuln/detail/CVE-2019-3823
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201903-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
CVE-2018-16890
Wenxiang Qian of Tencent Blade Team discovered that the function
handling incoming NTLM type-2 messages does not validate incoming
data correctly and is subject to an integer overflow vulnerability,
which could lead to an out-of-bounds buffer read.
For the stable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u9.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlxbSaAACgkQbwzL4CFi RygmtA/9HlrFg7QuCYikB1GTMvAfWtmk8vV19wr+zXcG4zxjC5MSubJStmg6Fhn7 Hl4Ar+UpqF79IM02yw4drAhci7BksQtGw/akExCDtI/+jw+BeHyHSR0GApwNlrIp k1t0c/ExxLKAPQKB4hxuxs0FdZGiJxO02Ld39O4PVf9c7IkBu0bRcbVbEajvIggh RFZN8HmUaqcN57MXu1Jrb9J0XWCyiGHjqEwBY0Q7/SI7cDuV5o8LiRFBeF/J2ByZ cSW7C980qQ9t1pru3BCAoAJxX7hl+fJPxub7oeZ1FehuQKMhxS/x2vQVgG6ni02z dccgYs+JVAaLhfqMUVNdieMwvyUuVbGsLVJ15HFRs8WGMlq9qRuHVfKBteZGPkHm zXbMaQ8lndNUN/El9JmaL4EEz4yIF/ZyQaniXGLu7iUPHtlJsFSl6Rjjc6q1Fg1u rAH4xNX2G4XV6MLH0LaQmaNgSLXSQn/er7QaUFEjCkzlRGob3DXWqexB2RhyNmp2 Hg5CrMT1d9VWFXS40CdiccPK+Bu0sEwuyzHWJMAQ2gRZ8Wv5MbqqOH8T9yLwXEgB u3MnQsWHs8nNKGs/ca6y6sRFMNhjVTA1Xwe12ZrO5UqZmpZJHgmSYEslboaLffGa zi3ucm1DATRJcTbMYvpZhS60QjkYr2nXgBwYYABTb2ZvDOTE6j4ILC -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: curl security and bug fix update Advisory ID: RHSA-2019:3701-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3701 Issue date: 2019-11-05 CVE Names: CVE-2018-16890 CVE-2018-20483 CVE-2019-3822 CVE-2019-3823 =====================================================================
- Summary:
An update for curl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)
-
wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
-
curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)
-
curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1662705 - CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c 1669156 - connection re-use does not work for SCP and SFTP 1670252 - CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read 1670254 - CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow 1670256 - CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source: curl-7.61.1-11.el8.src.rpm
aarch64: curl-7.61.1-11.el8.aarch64.rpm curl-debuginfo-7.61.1-11.el8.aarch64.rpm curl-debugsource-7.61.1-11.el8.aarch64.rpm curl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm libcurl-7.61.1-11.el8.aarch64.rpm libcurl-debuginfo-7.61.1-11.el8.aarch64.rpm libcurl-devel-7.61.1-11.el8.aarch64.rpm libcurl-minimal-7.61.1-11.el8.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm
ppc64le: curl-7.61.1-11.el8.ppc64le.rpm curl-debuginfo-7.61.1-11.el8.ppc64le.rpm curl-debugsource-7.61.1-11.el8.ppc64le.rpm curl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm libcurl-7.61.1-11.el8.ppc64le.rpm libcurl-debuginfo-7.61.1-11.el8.ppc64le.rpm libcurl-devel-7.61.1-11.el8.ppc64le.rpm libcurl-minimal-7.61.1-11.el8.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm
s390x: curl-7.61.1-11.el8.s390x.rpm curl-debuginfo-7.61.1-11.el8.s390x.rpm curl-debugsource-7.61.1-11.el8.s390x.rpm curl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm libcurl-7.61.1-11.el8.s390x.rpm libcurl-debuginfo-7.61.1-11.el8.s390x.rpm libcurl-devel-7.61.1-11.el8.s390x.rpm libcurl-minimal-7.61.1-11.el8.s390x.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm
x86_64: curl-7.61.1-11.el8.x86_64.rpm curl-debuginfo-7.61.1-11.el8.i686.rpm curl-debuginfo-7.61.1-11.el8.x86_64.rpm curl-debugsource-7.61.1-11.el8.i686.rpm curl-debugsource-7.61.1-11.el8.x86_64.rpm curl-minimal-debuginfo-7.61.1-11.el8.i686.rpm curl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm libcurl-7.61.1-11.el8.i686.rpm libcurl-7.61.1-11.el8.x86_64.rpm libcurl-debuginfo-7.61.1-11.el8.i686.rpm libcurl-debuginfo-7.61.1-11.el8.x86_64.rpm libcurl-devel-7.61.1-11.el8.i686.rpm libcurl-devel-7.61.1-11.el8.x86_64.rpm libcurl-minimal-7.61.1-11.el8.i686.rpm libcurl-minimal-7.61.1-11.el8.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16890 https://access.redhat.com/security/cve/CVE-2018-20483 https://access.redhat.com/security/cve/CVE-2019-3822 https://access.redhat.com/security/cve/CVE-2019-3823 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXcHzVtzjgjWX9erEAQjvzw/+OUU07vnIT/4FS8aZD7Z8yUMYBwGhlMYm jIfVcRL/CuCe64zoTLyPhU3qJGuj84Fdx5ryxWglnimoERd3VXMZ5OZSPz8w738j owx9pN0gVooc5MGykJm9OP27BeXU4ZceWtvX5L2jRPvSzvlTavUfwfQ7rjFuxK1A FfNoJurwBKLowh31BBZjuak6GZ6YBH9kY3vAS5BUZxuijSS8zIsnOvFwgB152p56 tvJN7/Rtwh56msrg/AF/HLCneOs8LH+k3VWs4tucW/cSbzFSJPXeiZyVBCxj60FW jlIcOH8Joo79HVenK8TWw9rpd1QIaNwh84DmVXoKR2GKt4DL8ZFeL5oqHN8A2OkO I5G2DHgaE3sgOkTKiCoUzQrIIfRmwEfqYPw3SGZZhXIVbbWtlQ01xERMIunamXE2 Rfk2zd8M7HB+c2hiRD842wnULCAINY/w6e8J4g6kZQ4tn+eIKTwB7pVUzROMwBNq OKJFm8reEYOtgH3q+xmg13N1jkynTgFlcgLQ1ua+nS8o6fJE/23lgMdJY/oUXgnc szJLxMAySEePZF0QI9f8hedm+D5hGzkRB3KYqkv8OagSW0G2RAxadoLdl5qH5Doq l4gaFPgMIKK9yxnj+8gm7zsZiUNdebj5+c4eU7OZ1s98tzPQ3/W39m/8tNM3ueB0 PK6rxvdCr2I= =8Z+p -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
-
SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)
-
grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)
-
js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
-
npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)
-
kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)
-
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload (CVE-2020-7598)
-
npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)
-
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
jQuery: passing HTML containing
-
grafana: stored XSS (CVE-2020-11110)
-
grafana: XSS annotation popup vulnerability (CVE-2020-12052)
-
grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
-
nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
-
openshift/console: text injection on error page via crafted url (CVE-2020-10715)
-
kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)
-
openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing
- ========================================================================== Ubuntu Security Notice USN-3882-1 February 06, 2019
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in curl. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890)
Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822)
Brian Carpenter discovered that curl incorrectly handled certain SMTP responses. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. (CVE-2019-3823)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: curl 7.61.0-1ubuntu2.3 libcurl3-gnutls 7.61.0-1ubuntu2.3 libcurl3-nss 7.61.0-1ubuntu2.3 libcurl4 7.61.0-1ubuntu2.3
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.6 libcurl3-gnutls 7.58.0-2ubuntu3.6 libcurl3-nss 7.58.0-2ubuntu3.6 libcurl4 7.58.0-2ubuntu3.6
Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.12 libcurl3 7.47.0-1ubuntu2.12 libcurl3-gnutls 7.47.0-1ubuntu2.12 libcurl3-nss 7.47.0-1ubuntu2.12
Ubuntu 14.04 LTS: curl 7.35.0-1ubuntu2.20 libcurl3 7.35.0-1ubuntu2.20 libcurl3-gnutls 7.35.0-1ubuntu2.20 libcurl3-nss 7.35.0-1ubuntu2.20
In general, a standard system update will make all the necessary changes.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.64.0-i586-1_slack14.2.txz: Upgraded. This release fixes the following security issues: NTLM type-2 out-of-bounds buffer read. SMTP end-of-response out-of-bounds read. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.64.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.64.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.64.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.64.0-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.64.0-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.64.0-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.64.0-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.64.0-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 94fb3c50acd4f7640ca62ed6d18512c6 curl-7.64.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 4c21f7f6b2529badfd6c43c08a43df18 curl-7.64.0-x86_64-1_slack14.0.txz
Slackware 14.1 package: e57b9b6125d0ffd54ce56ed9cbc32fb5 curl-7.64.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: f599f0dca7cf5e1839204ab6a6cdcbb1 curl-7.64.0-x86_64-1_slack14.1.txz
Slackware 14.2 package: 357b50273d07ae2deef0958d8f5b5afa curl-7.64.0-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 6c259df05c840f74dc4b3a84c6d4f212 curl-7.64.0-x86_64-1_slack14.2.txz
Slackware -current package: 9fa3ea811b5c4cca6382d7e18b2845a2 n/curl-7.64.0-i586-1.txz
Slackware x86_64 -current package: 869267a25c87036e7c9c909d2f3891c9 n/curl-7.64.0-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg curl-7.64.0-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0100",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "services tools bundle",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "5.4"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.5"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sinema remote connect client",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.26"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.27"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "active iq unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "7.3"
},
{
"model": "libcurl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.64.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.36.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "*"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "libcurl",
"scope": "lt",
"trust": 0.8,
"vendor": "haxx",
"version": "7.36.0 thats all 7.64.0"
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "sinema remote connect client",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.14"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.13"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.12"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.11"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.19"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.18"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.17"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.4"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.63"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.62"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.60"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.59"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.58"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.57"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.51"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.3"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.47"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.46"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.43"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.36"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.49.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.48.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.39"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.62"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.60"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.59"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.58"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.51"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.3"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.47"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.46"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.45"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.43"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.36"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.63.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.57.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.49.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.48.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.39.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "sinema remote connect client hf1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "libcurl",
"scope": "ne",
"trust": 0.3,
"vendor": "haxx",
"version": "7.64"
},
{
"model": "curl",
"scope": "ne",
"trust": 0.3,
"vendor": "haxx",
"version": "7.64.0"
}
],
"sources": [
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"db": "NVD",
"id": "CVE-2019-3822"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.64.0",
"versionStartIncluding": "7.36.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionStartIncluding": "7.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*",
"cpe_name": [],
"versionStartIncluding": "9.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.7.26",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0.15",
"versionStartIncluding": "5.7.27",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3822"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens ProductCERT reported these vulnerabilities to NCCIC.,Brian Carpenter, Geeknik Labs and Wenxiang Qian from Tencent Blade Team.,Gentoo",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-124"
}
],
"trust": 0.6
},
"cve": "CVE-2019-3822",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-3822",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3822",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3822",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2019-3822",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-124",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-3822",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"db": "NVD",
"id": "CVE-2019-3822"
},
{
"db": "NVD",
"id": "CVE-2019-3822"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-124"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large \u0027nt response\u0027 data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a \u0027large value\u0027 needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header. libcurl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to the following vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\nAttackers can exploit these issues to cause denial-of-service conditions. Due to the nature of these issues, arbitrary code execution may be possible, but this has not been confirmed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201903-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: cURL: Multiple vulnerabilities\n Date: March 10, 2019\n Bugs: #665292, #670026, #677346\n ID: 201903-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncould result in a Denial of Service condition. \n\nBackground\n==========\n\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.64.0 \u003e= 7.64.0 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.64.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-14618\n https://nvd.nist.gov/vuln/detail/CVE-2018-14618\n[ 2 ] CVE-2018-16839\n https://nvd.nist.gov/vuln/detail/CVE-2018-16839\n[ 3 ] CVE-2018-16840\n https://nvd.nist.gov/vuln/detail/CVE-2018-16840\n[ 4 ] CVE-2018-16842\n https://nvd.nist.gov/vuln/detail/CVE-2018-16842\n[ 5 ] CVE-2019-3822\n https://nvd.nist.gov/vuln/detail/CVE-2019-3822\n[ 6 ] CVE-2019-3823\n https://nvd.nist.gov/vuln/detail/CVE-2019-3823\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201903-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nCVE-2018-16890\n\n Wenxiang Qian of Tencent Blade Team discovered that the function\n handling incoming NTLM type-2 messages does not validate incoming\n data correctly and is subject to an integer overflow vulnerability,\n which could lead to an out-of-bounds buffer read. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u9. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlxbSaAACgkQbwzL4CFi\nRygmtA/9HlrFg7QuCYikB1GTMvAfWtmk8vV19wr+zXcG4zxjC5MSubJStmg6Fhn7\nHl4Ar+UpqF79IM02yw4drAhci7BksQtGw/akExCDtI/+jw+BeHyHSR0GApwNlrIp\nk1t0c/ExxLKAPQKB4hxuxs0FdZGiJxO02Ld39O4PVf9c7IkBu0bRcbVbEajvIggh\nRFZN8HmUaqcN57MXu1Jrb9J0XWCyiGHjqEwBY0Q7/SI7cDuV5o8LiRFBeF/J2ByZ\ncSW7C980qQ9t1pru3BCAoAJxX7hl+fJPxub7oeZ1FehuQKMhxS/x2vQVgG6ni02z\ndccgYs+JVAaLhfqMUVNdieMwvyUuVbGsLVJ15HFRs8WGMlq9qRuHVfKBteZGPkHm\nzXbMaQ8lndNUN/El9JmaL4EEz4yIF/ZyQaniXGLu7iUPHtlJsFSl6Rjjc6q1Fg1u\nrAH4xNX2G4XV6MLH0LaQmaNgSLXSQn/er7QaUFEjCkzlRGob3DXWqexB2RhyNmp2\nHg5CrMT1d9VWFXS40CdiccPK+Bu0sEwuyzHWJMAQ2gRZ8Wv5MbqqOH8T9yLwXEgB\nu3MnQsWHs8nNKGs/ca6y6sRFMNhjVTA1Xwe12ZrO5UqZmpZJHgmSYEslboaLffGa\nzi3ucm1DATRJcTbMYvpZhS60QjkYr2nXgBwYYABTb2ZvDOTE6j4ILC\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: curl security and bug fix update\nAdvisory ID: RHSA-2019:3701-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:3701\nIssue date: 2019-11-05\nCVE Names: CVE-2018-16890 CVE-2018-20483 CVE-2019-3822 \n CVE-2019-3823 \n=====================================================================\n\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)\n\n* wget: Information exposure in set_file_metadata function in xattr.c\n(CVE-2018-20483)\n\n* curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)\n\n* curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1662705 - CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c\n1669156 - connection re-use does not work for SCP and SFTP\n1670252 - CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read\n1670254 - CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow\n1670256 - CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ncurl-7.61.1-11.el8.src.rpm\n\naarch64:\ncurl-7.61.1-11.el8.aarch64.rpm\ncurl-debuginfo-7.61.1-11.el8.aarch64.rpm\ncurl-debugsource-7.61.1-11.el8.aarch64.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm\nlibcurl-7.61.1-11.el8.aarch64.rpm\nlibcurl-debuginfo-7.61.1-11.el8.aarch64.rpm\nlibcurl-devel-7.61.1-11.el8.aarch64.rpm\nlibcurl-minimal-7.61.1-11.el8.aarch64.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm\n\nppc64le:\ncurl-7.61.1-11.el8.ppc64le.rpm\ncurl-debuginfo-7.61.1-11.el8.ppc64le.rpm\ncurl-debugsource-7.61.1-11.el8.ppc64le.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm\nlibcurl-7.61.1-11.el8.ppc64le.rpm\nlibcurl-debuginfo-7.61.1-11.el8.ppc64le.rpm\nlibcurl-devel-7.61.1-11.el8.ppc64le.rpm\nlibcurl-minimal-7.61.1-11.el8.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm\n\ns390x:\ncurl-7.61.1-11.el8.s390x.rpm\ncurl-debuginfo-7.61.1-11.el8.s390x.rpm\ncurl-debugsource-7.61.1-11.el8.s390x.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm\nlibcurl-7.61.1-11.el8.s390x.rpm\nlibcurl-debuginfo-7.61.1-11.el8.s390x.rpm\nlibcurl-devel-7.61.1-11.el8.s390x.rpm\nlibcurl-minimal-7.61.1-11.el8.s390x.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm\n\nx86_64:\ncurl-7.61.1-11.el8.x86_64.rpm\ncurl-debuginfo-7.61.1-11.el8.i686.rpm\ncurl-debuginfo-7.61.1-11.el8.x86_64.rpm\ncurl-debugsource-7.61.1-11.el8.i686.rpm\ncurl-debugsource-7.61.1-11.el8.x86_64.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm\nlibcurl-7.61.1-11.el8.i686.rpm\nlibcurl-7.61.1-11.el8.x86_64.rpm\nlibcurl-debuginfo-7.61.1-11.el8.i686.rpm\nlibcurl-debuginfo-7.61.1-11.el8.x86_64.rpm\nlibcurl-devel-7.61.1-11.el8.i686.rpm\nlibcurl-devel-7.61.1-11.el8.x86_64.rpm\nlibcurl-minimal-7.61.1-11.el8.i686.rpm\nlibcurl-minimal-7.61.1-11.el8.x86_64.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16890\nhttps://access.redhat.com/security/cve/CVE-2018-20483\nhttps://access.redhat.com/security/cve/CVE-2019-3822\nhttps://access.redhat.com/security/cve/CVE-2019-3823\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXcHzVtzjgjWX9erEAQjvzw/+OUU07vnIT/4FS8aZD7Z8yUMYBwGhlMYm\njIfVcRL/CuCe64zoTLyPhU3qJGuj84Fdx5ryxWglnimoERd3VXMZ5OZSPz8w738j\nowx9pN0gVooc5MGykJm9OP27BeXU4ZceWtvX5L2jRPvSzvlTavUfwfQ7rjFuxK1A\nFfNoJurwBKLowh31BBZjuak6GZ6YBH9kY3vAS5BUZxuijSS8zIsnOvFwgB152p56\ntvJN7/Rtwh56msrg/AF/HLCneOs8LH+k3VWs4tucW/cSbzFSJPXeiZyVBCxj60FW\njlIcOH8Joo79HVenK8TWw9rpd1QIaNwh84DmVXoKR2GKt4DL8ZFeL5oqHN8A2OkO\nI5G2DHgaE3sgOkTKiCoUzQrIIfRmwEfqYPw3SGZZhXIVbbWtlQ01xERMIunamXE2\nRfk2zd8M7HB+c2hiRD842wnULCAINY/w6e8J4g6kZQ4tn+eIKTwB7pVUzROMwBNq\nOKJFm8reEYOtgH3q+xmg13N1jkynTgFlcgLQ1ua+nS8o6fJE/23lgMdJY/oUXgnc\nszJLxMAySEePZF0QI9f8hedm+D5hGzkRB3KYqkv8OagSW0G2RAxadoLdl5qH5Doq\nl4gaFPgMIKK9yxnj+8gm7zsZiUNdebj5+c4eU7OZ1s98tzPQ3/W39m/8tNM3ueB0\nPK6rxvdCr2I=\n=8Z+p\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows\nfor panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table\nPanel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of\nservice or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular\nexpressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code\nexecution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying\nproperties of Object.prototype using a constructor or __proto__ payload\n(CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of\nsignature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url\n(CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking\n(CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets\n(CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking\n1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability\n1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions\n1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip\n1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures\n1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table Panel\" screen\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets\n1861044 - CVE-2020-11110 grafana: stored XSS\n1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]\n\n5. ==========================================================================\nUbuntu Security Notice USN-3882-1\nFebruary 06, 2019\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. A remote attacker could possibly use this issue to\ncause curl to crash, resulting in a denial of service. This issue only\napplied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. \n(CVE-2018-16890)\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLMv2\nauthentication messages. A remote attacker could use this issue to cause\ncurl to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04\nLTS, and Ubuntu 18.10. (CVE-2019-3822)\n\nBrian Carpenter discovered that curl incorrectly handled certain SMTP\nresponses. A remote attacker could possibly use this issue to cause curl to\ncrash, resulting in a denial of service. (CVE-2019-3823)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n curl 7.61.0-1ubuntu2.3\n libcurl3-gnutls 7.61.0-1ubuntu2.3\n libcurl3-nss 7.61.0-1ubuntu2.3\n libcurl4 7.61.0-1ubuntu2.3\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.6\n libcurl3-gnutls 7.58.0-2ubuntu3.6\n libcurl3-nss 7.58.0-2ubuntu3.6\n libcurl4 7.58.0-2ubuntu3.6\n\nUbuntu 16.04 LTS:\n curl 7.47.0-1ubuntu2.12\n libcurl3 7.47.0-1ubuntu2.12\n libcurl3-gnutls 7.47.0-1ubuntu2.12\n libcurl3-nss 7.47.0-1ubuntu2.12\n\nUbuntu 14.04 LTS:\n curl 7.35.0-1ubuntu2.20\n libcurl3 7.35.0-1ubuntu2.20\n libcurl3-gnutls 7.35.0-1ubuntu2.20\n libcurl3-nss 7.35.0-1ubuntu2.20\n\nIn general, a standard system update will make all the necessary changes. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.64.0-i586-1_slack14.2.txz: Upgraded. \n This release fixes the following security issues:\n NTLM type-2 out-of-bounds buffer read. \n SMTP end-of-response out-of-bounds read. \n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.64.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.64.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.64.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.64.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.64.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.64.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.64.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.64.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n94fb3c50acd4f7640ca62ed6d18512c6 curl-7.64.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n4c21f7f6b2529badfd6c43c08a43df18 curl-7.64.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ne57b9b6125d0ffd54ce56ed9cbc32fb5 curl-7.64.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nf599f0dca7cf5e1839204ab6a6cdcbb1 curl-7.64.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n357b50273d07ae2deef0958d8f5b5afa curl-7.64.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n6c259df05c840f74dc4b3a84c6d4f212 curl-7.64.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n9fa3ea811b5c4cca6382d7e18b2845a2 n/curl-7.64.0-i586-1.txz\n\nSlackware x86_64 -current package:\n869267a25c87036e7c9c909d2f3891c9 n/curl-7.64.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.64.0-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3822",
"trust": 3.4
},
{
"db": "BID",
"id": "106950",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-436177",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-19-099-04",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152034",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1084",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3700",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0381.3",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201902-124",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-3822",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151568",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155162",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159727",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151566",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151569",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "NVD",
"id": "CVE-2019-3822"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-124"
}
]
},
"id": "VAR-201902-0100",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.68333334
},
"last_update_date": "2023-12-18T11:00:40.480000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-4386",
"trust": 0.8,
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"title": "NTAP-20190315-0001",
"trust": 0.8,
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"title": "NTLMv2 type-3 header stack buffer overflow",
"trust": 0.8,
"url": "https://curl.haxx.se/docs/cve-2019-3822.html"
},
{
"title": "USN-3882-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"title": "Red Hat: Moderate: curl security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193701 - security advisory"
},
{
"title": "Red Hat: CVE-2019-3822",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2019-3822"
},
{
"title": "Ubuntu Security Notice: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3882-1"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2019-3822"
},
{
"title": "Amazon Linux AMI: ALAS-2019-1297",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1297"
},
{
"title": "Arch Linux Advisories: [ASA-201902-13] lib32-curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201902-13"
},
{
"title": "Arch Linux Advisories: [ASA-201902-9] curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201902-9"
},
{
"title": "Arch Linux Advisories: [ASA-201902-10] libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201902-10"
},
{
"title": "Arch Linux Advisories: [ASA-201902-12] lib32-libcurl-compat: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201902-12"
},
{
"title": "Arch Linux Advisories: [ASA-201902-11] lib32-libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201902-11"
},
{
"title": "IBM: IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=22decc09aeaa3dba577a38ac2ead2bac"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=1258fbf11199f28879a6fcc9f39902e9"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=8a056bd2177d12192b11798b7ac3e013"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1162",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1162"
},
{
"title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0b05dc856c1be71db871bcea94f6fa8d"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204298 - security advisory"
},
{
"title": "fedsummit_19",
"trust": 0.1,
"url": "https://github.com/clemenko/fedsummit_19 "
},
{
"title": "dc19_supply_chain",
"trust": 0.1,
"url": "https://github.com/clemenko/dc19_supply_chain "
},
{
"title": "dc19_supply_chain",
"trust": 0.1,
"url": "https://github.com/bbrungi/dc19_supply_chain "
},
{
"title": "BlackHat2019",
"trust": 0.1,
"url": "https://github.com/saiyuki1919/blackhat2019 "
},
{
"title": "TrivyWeb",
"trust": 0.1,
"url": "https://github.com/korayagaya/trivyweb "
},
{
"title": "cve",
"trust": 0.1,
"url": "https://github.com/michwqy/cve "
},
{
"title": "github_aquasecurity_trivy",
"trust": 0.1,
"url": "https://github.com/back8/github_aquasecurity_trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/simiyo/trivy "
},
{
"title": "security",
"trust": 0.1,
"url": "https://github.com/umahari/security "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/mohzeela/external-secret "
},
{
"title": "Vulnerability-Scanner-for-Containers",
"trust": 0.1,
"url": "https://github.com/t31m0/vulnerability-scanner-for-containers "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/aquasecurity/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/knqyf263/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/siddharthraopotukuchi/trivy "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/oracle-squashes-53-critical-bugs-in-april-security-update/143845/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"db": "NVD",
"id": "CVE-2019-3822"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/106950"
},
{
"trust": 2.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3822"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3701"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"trust": 2.0,
"url": "https://curl.haxx.se/docs/cve-2019-3822.html"
},
{
"trust": 2.0,
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"trust": 2.0,
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"trust": 2.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"trust": 2.0,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 2.0,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3822"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201903-03"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190719-0004/"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k84141449"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3cdevnull.infra.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k84141449?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3822"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3823"
},
{
"trust": 1.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-04"
},
{
"trust": 0.9,
"url": "http://curl.haxx.se/"
},
{
"trust": 0.9,
"url": "https://curl.haxx.se/download.html"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/86724581b6c"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/39df4073"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/2766262a68"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/50c94842"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3823"
},
{
"trust": 0.9,
"url": "https://curl.haxx.se/docs/cve-2019-3823.html"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3822"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-04"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3cdevnull.infra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k84141449?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75218"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-099-04"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3700/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152034/gentoo-linux-security-advisory-201903-03.html"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10876554"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78194"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3823"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20483"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16890"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://github.com/clemenko/fedsummit_19"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=60802"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16842"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16840"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16839"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8768"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8676"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7664"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8607"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15366"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8544"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12049"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5436"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4298"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7598"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13822"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19923"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8457"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8689"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15847"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12245"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19959"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8609"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8583"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11008"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8597"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.61.0-1ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.20"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3882-1"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3823"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16890"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "NVD",
"id": "CVE-2019-3822"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-124"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "NVD",
"id": "CVE-2019-3822"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-124"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-06T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"date": "2019-02-06T00:00:00",
"db": "BID",
"id": "106950"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"date": "2019-03-11T18:48:31",
"db": "PACKETSTORM",
"id": "152034"
},
{
"date": "2019-02-07T16:32:00",
"db": "PACKETSTORM",
"id": "151568"
},
{
"date": "2019-11-06T15:57:33",
"db": "PACKETSTORM",
"id": "155162"
},
{
"date": "2020-10-27T16:59:02",
"db": "PACKETSTORM",
"id": "159727"
},
{
"date": "2019-02-06T22:35:20",
"db": "PACKETSTORM",
"id": "151566"
},
{
"date": "2019-02-07T16:32:06",
"db": "PACKETSTORM",
"id": "151569"
},
{
"date": "2019-02-06T20:29:00.353000",
"db": "NVD",
"id": "CVE-2019-3822"
},
{
"date": "2019-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-124"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3822"
},
{
"date": "2019-07-17T06:00:00",
"db": "BID",
"id": "106950"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001733"
},
{
"date": "2023-11-07T03:10:12.823000",
"db": "NVD",
"id": "CVE-2019-3822"
},
{
"date": "2021-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-124"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-124"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001733"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-124"
}
],
"trust": 0.6
}
}
var-201809-0686
Vulnerability from variot
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.). curl Contains an integer overflow vulnerability. This vulnerability CVE-2017-8816 It is a similar problem.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. cURL/libcURL version 7.15.4 through 7.61.0 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-03
https://security.gentoo.org/
Severity: Normal Title: cURL: Multiple vulnerabilities Date: March 10, 2019 Bugs: #665292, #670026, #677346 ID: 201903-03
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.64.0 >= 7.64.0
Description
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Impact
Remote attackers could cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.64.0"
References
[ 1 ] CVE-2018-14618 https://nvd.nist.gov/vuln/detail/CVE-2018-14618 [ 2 ] CVE-2018-16839 https://nvd.nist.gov/vuln/detail/CVE-2018-16839 [ 3 ] CVE-2018-16840 https://nvd.nist.gov/vuln/detail/CVE-2018-16840 [ 4 ] CVE-2018-16842 https://nvd.nist.gov/vuln/detail/CVE-2018-16842 [ 5 ] CVE-2019-3822 https://nvd.nist.gov/vuln/detail/CVE-2019-3822 [ 6 ] CVE-2019-3823 https://nvd.nist.gov/vuln/detail/CVE-2019-3823
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201903-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3765-2 September 17, 2018
curl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
curl could be made to run arbitrary code if it received a specially crafted input. This update provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that curl incorrectly handled certain inputs.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: curl 7.22.0-3ubuntu4.23 libcurl3 7.22.0-3ubuntu4.23 libcurl3-gnutls 7.22.0-3ubuntu4.23 libcurl3-nss 7.22.0-3ubuntu4.23
In general, a standard system update will make all the necessary changes. 7) - aarch64, ppc64le, s390x
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- curl: NTLM password overflow via integer overflow (CVE-2018-14618)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
baseurl with file:// hangs and then timeout in yum repo (BZ#1709474)
-
curl crashes on http links with rate-limit (BZ#1711914)
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.61.1-i586-1_slack14.2.txz: Upgraded. For more information, see: https://curl.haxx.se/docs/CVE-2018-14618.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.61.1-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.61.1-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.61.1-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.61.1-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.61.1-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.61.1-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.61.1-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.61.1-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: d6493074efefb47021747a0f525a3875 curl-7.61.1-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 9d5fb07395d570c7af54d306dff25e0d curl-7.61.1-x86_64-1_slack14.0.txz
Slackware 14.1 package: fff7b1f0df80b7b8386e6b1b58fadaec curl-7.61.1-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: fe69bb3baaf679dec8bd3abea3c6ef02 curl-7.61.1-x86_64-1_slack14.1.txz
Slackware 14.2 package: e130826573cd1cf9b5d769690ff91811 curl-7.61.1-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 161e1f2949b0285484de8aa16953c5e7 curl-7.61.1-x86_64-1_slack14.2.txz
Slackware -current package: 7135b216f6e989b0ae3e6123f6a07083 n/curl-7.61.1-i586-1.txz
Slackware x86_64 -current package: b96ce6cdc7ae46e5979563f8f939fcfd n/curl-7.61.1-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg curl-7.61.1-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: httpd24 security, bug fix, and enhancement update Advisory ID: RHSA-2018:3558-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2018:3558 Issue date: 2018-11-13 CVE Names: CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 CVE-2016-9586 CVE-2017-7407 CVE-2017-8816 CVE-2017-8817 CVE-2017-15710 CVE-2017-15715 CVE-2017-1000100 CVE-2017-1000101 CVE-2017-1000254 CVE-2017-1000257 CVE-2018-1283 CVE-2018-1301 CVE-2018-1303 CVE-2018-1312 CVE-2018-1333 CVE-2018-11763 CVE-2018-14618 CVE-2018-1000007 CVE-2018-1000120 CVE-2018-1000121 CVE-2018-1000122 CVE-2018-1000301 =====================================================================
- Summary:
An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.
The following packages have been upgraded to a later upstream version: httpd24-httpd (2.4.34), httpd24-curl (7.61.1). (BZ#1590833, BZ#1648928)
Security Fix(es):
-
httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)
-
httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS (CVE-2018-1303)
-
httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS (CVE-2018-1333)
-
httpd: DoS for HTTP/2 connections by continuous SETTINGS frames (CVE-2018-11763)
-
httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)
-
httpd:
bypass with a trailing newline in the file name (CVE-2017-15715) -
httpd: Out of bounds access after failure in reading the HTTP request (CVE-2018-1301)
-
httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)
-
curl: Multiple security issues were fixed in httpd24-curl (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301, CVE-2018-14618)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the Curl project for reporting CVE-2017-8816, CVE-2017-8817, CVE-2017-1000254, CVE-2017-1000257, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000122, CVE-2018-1000301, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2018-14618, and CVE-2018-1000121. Upstream acknowledges Alex Nichols as the original reporter of CVE-2017-8816; the OSS-Fuzz project as the original reporter of CVE-2017-8817 and CVE-2018-1000301; Max Dymond as the original reporter of CVE-2017-1000254 and CVE-2018-1000122; Brian Carpenter and the OSS-Fuzz project as the original reporters of CVE-2017-1000257; Craig de Stigter as the original reporter of CVE-2018-1000007; Duy Phan Thanh as the original reporter of CVE-2018-1000120; Even Rouault as the original reporter of CVE-2017-1000100; Brian Carpenter as the original reporter of CVE-2017-1000101; Zhaoyang Wu as the original reporter of CVE-2018-14618; and Dario Weisser as the original reporter of CVE-2018-1000121.
Bug Fix(es):
- Previously, the Apache HTTP Server from the httpd24 Software Collection was unable to handle situations when static content was repeatedly requested in a browser by refreshing the page. As a consequence, HTTP/2 connections timed out and httpd became unresponsive. This bug has been fixed, and HTTP/2 connections now work as expected in the described scenario. (BZ#1518737)
Enhancement(s):
- This update adds the mod_md module to the httpd24 Software Collection. This module enables managing domains across virtual hosts and certificate provisioning using the Automatic Certificate Management Environment (ACME) protocol. The mod_md module is available only for Red Hat Enterprise Linux
- (BZ#1640722)
Additional Changes:
For detailed information on changes in this release, see the Red Hat Software Collections 3.2 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass
1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert
1362199 - CVE-2016-5421 curl: Use of connection struct after free
1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates
1375906 - CVE-2016-7167 curl: escape and unescape integer overflows
1388370 - CVE-2016-8615 curl: Cookie injection for other servers
1388371 - CVE-2016-8616 curl: Case insensitive password comparison
1388377 - CVE-2016-8617 curl: Out-of-bounds write via unchecked multiplication
1388378 - CVE-2016-8618 curl: Double-free in curl_maprintf
1388379 - CVE-2016-8619 curl: Double-free in krb5 code
1388382 - CVE-2016-8620 curl: Glob parser write/read out of bounds
1388385 - CVE-2016-8621 curl: curl_getdate out-of-bounds read
1388386 - CVE-2016-8622 curl: URL unescape heap overflow via integer truncation
1388388 - CVE-2016-8623 curl: Use-after-free via shared cookies
1388390 - CVE-2016-8624 curl: Invalid URL parsing with '#'
1388392 - CVE-2016-8625 curl: IDNA 2003 makes curl use wrong host
1406712 - CVE-2016-9586 curl: printf floating point buffer overflow
1439190 - CVE-2017-7407 curl: --write-out out of bounds read
1478309 - CVE-2017-1000101 curl: URL globbing out of bounds read
1478310 - CVE-2017-1000100 curl: TFTP sends more than buffer size
1495541 - CVE-2017-1000254 curl: FTP PWD response parser out of bounds read
1503705 - CVE-2017-1000257 curl: IMAP FETCH response out of bounds read
1515757 - CVE-2017-8816 curl: NTLM buffer overflow via integer overflow
1515760 - CVE-2017-8817 curl: FTP wildcard out of bounds read
1518737 - HTTP/2 connections hang and timeout
1537125 - CVE-2018-1000007 curl: HTTP authentication leak in redirects
1540167 - provides without httpd24 pre/in-fix
1552628 - CVE-2018-1000120 curl: FTP path trickery leads to NIL byte out of bounds write
1552631 - CVE-2018-1000121 curl: LDAP NULL pointer dereference
1553398 - CVE-2018-1000122 curl: RTSP RTP buffer over-read
1558450 - Not able to use SSLOpenSSLConfCmd with httpd24-httpd-2.4.27.
1560395 - CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications
1560399 - CVE-2018-1303 httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS
1560599 - CVE-2017-15710 httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values
1560614 - CVE-2017-15715 httpd:
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: httpd24-curl-7.61.1-1.el6.src.rpm httpd24-httpd-2.4.34-7.el6.src.rpm httpd24-nghttp2-1.7.1-7.el6.src.rpm
noarch: httpd24-httpd-manual-2.4.34-7.el6.noarch.rpm
x86_64: httpd24-curl-7.61.1-1.el6.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el6.x86_64.rpm httpd24-httpd-2.4.34-7.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el6.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el6.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el6.x86_64.rpm httpd24-libcurl-7.61.1-1.el6.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el6.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el6.x86_64.rpm httpd24-mod_session-2.4.34-7.el6.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el6.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: httpd24-curl-7.61.1-1.el6.src.rpm httpd24-httpd-2.4.34-7.el6.src.rpm httpd24-nghttp2-1.7.1-7.el6.src.rpm
noarch: httpd24-httpd-manual-2.4.34-7.el6.noarch.rpm
x86_64: httpd24-curl-7.61.1-1.el6.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el6.x86_64.rpm httpd24-httpd-2.4.34-7.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el6.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el6.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el6.x86_64.rpm httpd24-libcurl-7.61.1-1.el6.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el6.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el6.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el6.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el6.x86_64.rpm httpd24-mod_session-2.4.34-7.el6.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el6.x86_64.rpm httpd24-nghttp2-1.7.1-7.el6.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm
aarch64: httpd24-curl-7.61.1-1.el7.aarch64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.aarch64.rpm httpd24-httpd-2.4.34-7.el7.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.aarch64.rpm httpd24-httpd-devel-2.4.34-7.el7.aarch64.rpm httpd24-httpd-tools-2.4.34-7.el7.aarch64.rpm httpd24-libcurl-7.61.1-1.el7.aarch64.rpm httpd24-libcurl-devel-7.61.1-1.el7.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.aarch64.rpm httpd24-mod_ldap-2.4.34-7.el7.aarch64.rpm httpd24-mod_md-2.4.34-7.el7.aarch64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.aarch64.rpm httpd24-mod_session-2.4.34-7.el7.aarch64.rpm httpd24-mod_ssl-2.4.34-7.el7.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.aarch64.rpm
noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm
ppc64le: httpd24-curl-7.61.1-1.el7.ppc64le.rpm httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm httpd24-httpd-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm
s390x: httpd24-curl-7.61.1-1.el7.s390x.rpm httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm httpd24-httpd-2.4.34-7.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm httpd24-libcurl-7.61.1-1.el7.s390x.rpm httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm httpd24-mod_md-2.4.34-7.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm httpd24-mod_session-2.4.34-7.el7.s390x.rpm httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm
aarch64: httpd24-curl-7.61.1-1.el7.aarch64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.aarch64.rpm httpd24-httpd-2.4.34-7.el7.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.aarch64.rpm httpd24-httpd-devel-2.4.34-7.el7.aarch64.rpm httpd24-httpd-tools-2.4.34-7.el7.aarch64.rpm httpd24-libcurl-7.61.1-1.el7.aarch64.rpm httpd24-libcurl-devel-7.61.1-1.el7.aarch64.rpm httpd24-libnghttp2-1.7.1-7.el7.aarch64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.aarch64.rpm httpd24-mod_ldap-2.4.34-7.el7.aarch64.rpm httpd24-mod_md-2.4.34-7.el7.aarch64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.aarch64.rpm httpd24-mod_session-2.4.34-7.el7.aarch64.rpm httpd24-mod_ssl-2.4.34-7.el7.aarch64.rpm httpd24-nghttp2-1.7.1-7.el7.aarch64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.aarch64.rpm
noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm
ppc64le: httpd24-curl-7.61.1-1.el7.ppc64le.rpm httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm httpd24-httpd-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm
s390x: httpd24-curl-7.61.1-1.el7.s390x.rpm httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm httpd24-httpd-2.4.34-7.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm httpd24-libcurl-7.61.1-1.el7.s390x.rpm httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm httpd24-mod_md-2.4.34-7.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm httpd24-mod_session-2.4.34-7.el7.s390x.rpm httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm
x86_64: httpd24-curl-7.61.1-1.el7.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm httpd24-httpd-2.4.34-7.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm httpd24-libcurl-7.61.1-1.el7.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm httpd24-mod_md-2.4.34-7.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm httpd24-mod_session-2.4.34-7.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm
noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm
ppc64le: httpd24-curl-7.61.1-1.el7.ppc64le.rpm httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm httpd24-httpd-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm
s390x: httpd24-curl-7.61.1-1.el7.s390x.rpm httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm httpd24-httpd-2.4.34-7.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm httpd24-libcurl-7.61.1-1.el7.s390x.rpm httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm httpd24-mod_md-2.4.34-7.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm httpd24-mod_session-2.4.34-7.el7.s390x.rpm httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm
x86_64: httpd24-curl-7.61.1-1.el7.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm httpd24-httpd-2.4.34-7.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm httpd24-libcurl-7.61.1-1.el7.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm httpd24-mod_md-2.4.34-7.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm httpd24-mod_session-2.4.34-7.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm
noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm
ppc64le: httpd24-curl-7.61.1-1.el7.ppc64le.rpm httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm httpd24-httpd-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm
s390x: httpd24-curl-7.61.1-1.el7.s390x.rpm httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm httpd24-httpd-2.4.34-7.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm httpd24-libcurl-7.61.1-1.el7.s390x.rpm httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm httpd24-mod_md-2.4.34-7.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm httpd24-mod_session-2.4.34-7.el7.s390x.rpm httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm
x86_64: httpd24-curl-7.61.1-1.el7.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm httpd24-httpd-2.4.34-7.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm httpd24-libcurl-7.61.1-1.el7.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm httpd24-mod_md-2.4.34-7.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm httpd24-mod_session-2.4.34-7.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm
noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm
ppc64le: httpd24-curl-7.61.1-1.el7.ppc64le.rpm httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm httpd24-httpd-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm
s390x: httpd24-curl-7.61.1-1.el7.s390x.rpm httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm httpd24-httpd-2.4.34-7.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm httpd24-libcurl-7.61.1-1.el7.s390x.rpm httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm httpd24-mod_md-2.4.34-7.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm httpd24-mod_session-2.4.34-7.el7.s390x.rpm httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm httpd24-nghttp2-1.7.1-7.el7.s390x.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm
x86_64: httpd24-curl-7.61.1-1.el7.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm httpd24-httpd-2.4.34-7.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm httpd24-libcurl-7.61.1-1.el7.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm httpd24-mod_md-2.4.34-7.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm httpd24-mod_session-2.4.34-7.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd24-curl-7.61.1-1.el7.src.rpm httpd24-httpd-2.4.34-7.el7.src.rpm httpd24-nghttp2-1.7.1-7.el7.src.rpm
noarch: httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm
x86_64: httpd24-curl-7.61.1-1.el7.x86_64.rpm httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm httpd24-httpd-2.4.34-7.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm httpd24-libcurl-7.61.1-1.el7.x86_64.rpm httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm httpd24-mod_md-2.4.34-7.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm httpd24-mod_session-2.4.34-7.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-5419 https://access.redhat.com/security/cve/CVE-2016-5420 https://access.redhat.com/security/cve/CVE-2016-5421 https://access.redhat.com/security/cve/CVE-2016-7141 https://access.redhat.com/security/cve/CVE-2016-7167 https://access.redhat.com/security/cve/CVE-2016-8615 https://access.redhat.com/security/cve/CVE-2016-8616 https://access.redhat.com/security/cve/CVE-2016-8617 https://access.redhat.com/security/cve/CVE-2016-8618 https://access.redhat.com/security/cve/CVE-2016-8619 https://access.redhat.com/security/cve/CVE-2016-8620 https://access.redhat.com/security/cve/CVE-2016-8621 https://access.redhat.com/security/cve/CVE-2016-8622 https://access.redhat.com/security/cve/CVE-2016-8623 https://access.redhat.com/security/cve/CVE-2016-8624 https://access.redhat.com/security/cve/CVE-2016-8625 https://access.redhat.com/security/cve/CVE-2016-9586 https://access.redhat.com/security/cve/CVE-2017-7407 https://access.redhat.com/security/cve/CVE-2017-8816 https://access.redhat.com/security/cve/CVE-2017-8817 https://access.redhat.com/security/cve/CVE-2017-15710 https://access.redhat.com/security/cve/CVE-2017-15715 https://access.redhat.com/security/cve/CVE-2017-1000100 https://access.redhat.com/security/cve/CVE-2017-1000101 https://access.redhat.com/security/cve/CVE-2017-1000254 https://access.redhat.com/security/cve/CVE-2017-1000257 https://access.redhat.com/security/cve/CVE-2018-1283 https://access.redhat.com/security/cve/CVE-2018-1301 https://access.redhat.com/security/cve/CVE-2018-1303 https://access.redhat.com/security/cve/CVE-2018-1312 https://access.redhat.com/security/cve/CVE-2018-1333 https://access.redhat.com/security/cve/CVE-2018-11763 https://access.redhat.com/security/cve/CVE-2018-14618 https://access.redhat.com/security/cve/CVE-2018-1000007 https://access.redhat.com/security/cve/CVE-2018-1000120 https://access.redhat.com/security/cve/CVE-2018-1000121 https://access.redhat.com/security/cve/CVE-2018-1000122 https://access.redhat.com/security/cve/CVE-2018-1000301 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.2_release_notes/chap-rhscl#sect-RHSCL-Changes-httpd
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW+qMytzjgjWX9erEAQgLzQ//V6p0MJlmHHuvBRYszVGnu43cqKkSzERl vPJnEBEdzaU1+hxnBpN+PwWRp+X0j7EIgEnc3yBMSqnKnZUXhbW+2AlWKFSu96i1 WcDdaxtFkD8opjERjN+ckuOnk2Eh24eWAYoDIn0WqTR7seOdvdXsURROOyvugwXP ulGH+RQhwyxBYvYKp1RmX+REgKfW99wMxpd7B4depYhsI5ZkTzhyTbnp2E+v/XpY r8NqBJEV0C69sHrddBjvDMl+M0vwPw0X1YWEGsP20tZ3nqGPCVlCegQ+WCUU36HH 1Asxa1s2/50vlY5Aa79iJuAlotw/qy4Cxvm98A33ImBvI1WMfoRXmmkOYcOsTP3o 38fkPK4XuDiimWj+ODq29WsqvjJTZgCD32lw7MgjeyH+0u4aMYnImRtC7tG2ykRU ETXqLCnQ1I1We2ar3vI9xYLJ+wmc/Iy479eDWziiQztO2RusHxXTStt2n5XEGg1Z ylahAIyX989zJ3UcSs2h8dbMqjFzHZtie6xEtgFH8fsaPr36HjvKrTzj9rIN2xgt D1EcxjUVJRp536TzS5ULmAQSAfURruq6xTyuxI9+nDNfFXJbKI5IxIR1W6jkVIMD N1asv6UUHNzFmJgnmd94AlqDK2iCdoZBwmosk6ICcBmJVrWPMXjBDGNS3GtbKOdj RkKELMK+M5A= =7w7/ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0686",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "libcurl",
"scope": "lt",
"trust": 1.8,
"vendor": "haxx",
"version": "7.61.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.5"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "enterprise linux",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux esm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "sinema remote connect client",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "software collections for rhel workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "software collections for rhel workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "170"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "17.6"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "17.5"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "17.4"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "16"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.60"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.59"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.58"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.57"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.51"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.3"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.47"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.46"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.43"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.36"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.34"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.33"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.32"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.31"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.30"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.25"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.23"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.22"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.20"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.19.6"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.19.5"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.19.4"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.19.3"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.18.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.18"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.17"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.16.4"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.15.5"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.49.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.48.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.39"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.35.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.29.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.28.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.28.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.27.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.26.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.24.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.23.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21.7"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21.6"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21.5"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21.4"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21.3"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.21.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.20.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.19.7"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.19.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.19.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.19.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.18.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.17.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.16.3"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.16.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.16.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.16.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.15.4"
},
{
"model": "sinema remote connect client hf1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "libcurl",
"scope": "ne",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61.1"
}
],
"sources": [
{
"db": "BID",
"id": "107835"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013634"
},
{
"db": "NVD",
"id": "CVE-2018-14618"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.61.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14618"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens ProductCERT reported these vulnerabilities to NCCIC.,Gentoo",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-215"
}
],
"trust": 0.6
},
"cve": "CVE-2018-14618",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-14618",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-14618",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-14618",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2018-14618",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-215",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2018-14618",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-14618"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013634"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-215"
},
{
"db": "NVD",
"id": "CVE-2018-14618"
},
{
"db": "NVD",
"id": "CVE-2018-14618"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.). curl Contains an integer overflow vulnerability. This vulnerability CVE-2017-8816 It is a similar problem.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAttackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. \ncURL/libcURL version 7.15.4 through 7.61.0 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201903-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: cURL: Multiple vulnerabilities\n Date: March 10, 2019\n Bugs: #665292, #670026, #677346\n ID: 201903-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncould result in a Denial of Service condition. \n\nBackground\n==========\n\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.64.0 \u003e= 7.64.0 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nRemote attackers could cause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.64.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-14618\n https://nvd.nist.gov/vuln/detail/CVE-2018-14618\n[ 2 ] CVE-2018-16839\n https://nvd.nist.gov/vuln/detail/CVE-2018-16839\n[ 3 ] CVE-2018-16840\n https://nvd.nist.gov/vuln/detail/CVE-2018-16840\n[ 4 ] CVE-2018-16842\n https://nvd.nist.gov/vuln/detail/CVE-2018-16842\n[ 5 ] CVE-2019-3822\n https://nvd.nist.gov/vuln/detail/CVE-2019-3822\n[ 6 ] CVE-2019-3823\n https://nvd.nist.gov/vuln/detail/CVE-2019-3823\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201903-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3765-2\nSeptember 17, 2018\n\ncurl vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\ncurl could be made to run arbitrary code if it received a specially\ncrafted input. This update provides\nthe corresponding update for Ubuntu 12.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that curl incorrectly handled certain inputs. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n curl 7.22.0-3ubuntu4.23\n libcurl3 7.22.0-3ubuntu4.23\n libcurl3-gnutls 7.22.0-3ubuntu4.23\n libcurl3-nss 7.22.0-3ubuntu4.23\n\nIn general, a standard system update will make all the necessary\nchanges. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: NTLM password overflow via integer overflow (CVE-2018-14618)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* baseurl with file:// hangs and then timeout in yum repo (BZ#1709474)\n\n* curl crashes on http links with rate-limit (BZ#1711914)\n\n4. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.61.1-i586-1_slack14.2.txz: Upgraded. \n For more information, see:\n https://curl.haxx.se/docs/CVE-2018-14618.html\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.61.1-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.61.1-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.61.1-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.61.1-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.61.1-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.61.1-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.61.1-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.61.1-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\nd6493074efefb47021747a0f525a3875 curl-7.61.1-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n9d5fb07395d570c7af54d306dff25e0d curl-7.61.1-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nfff7b1f0df80b7b8386e6b1b58fadaec curl-7.61.1-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nfe69bb3baaf679dec8bd3abea3c6ef02 curl-7.61.1-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\ne130826573cd1cf9b5d769690ff91811 curl-7.61.1-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n161e1f2949b0285484de8aa16953c5e7 curl-7.61.1-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n7135b216f6e989b0ae3e6123f6a07083 n/curl-7.61.1-i586-1.txz\n\nSlackware x86_64 -current package:\nb96ce6cdc7ae46e5979563f8f939fcfd n/curl-7.61.1-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.61.1-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: httpd24 security, bug fix, and enhancement update\nAdvisory ID: RHSA-2018:3558-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3558\nIssue date: 2018-11-13\nCVE Names: CVE-2016-5419 CVE-2016-5420 CVE-2016-5421 \n CVE-2016-7141 CVE-2016-7167 CVE-2016-8615 \n CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 \n CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 \n CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 \n CVE-2016-8625 CVE-2016-9586 CVE-2017-7407 \n CVE-2017-8816 CVE-2017-8817 CVE-2017-15710 \n CVE-2017-15715 CVE-2017-1000100 CVE-2017-1000101 \n CVE-2017-1000254 CVE-2017-1000257 CVE-2018-1283 \n CVE-2018-1301 CVE-2018-1303 CVE-2018-1312 \n CVE-2018-1333 CVE-2018-11763 CVE-2018-14618 \n CVE-2018-1000007 CVE-2018-1000120 CVE-2018-1000121 \n CVE-2018-1000122 CVE-2018-1000301 \n=====================================================================\n\n1. Summary:\n\nAn update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now\navailable for Red Hat Software Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe Apache HTTP Server is a powerful, efficient, and extensible web server. \nThe httpd24 packages provide a recent stable release of version 2.4 of the\nApache HTTP Server, along with the mod_auth_kerb module. \n\nThe following packages have been upgraded to a later upstream version:\nhttpd24-httpd (2.4.34), httpd24-curl (7.61.1). (BZ#1590833, BZ#1648928)\n\nSecurity Fix(es):\n\n* httpd: Improper handling of headers in mod_session can allow a remote\nuser to modify session data for CGI applications (CVE-2018-1283)\n\n* httpd: Out of bounds read in mod_cache_socache can allow a remote\nattacker to cause DoS (CVE-2018-1303)\n\n* httpd: mod_http2: Too much time allocated to workers, possibly leading to\nDoS (CVE-2018-1333)\n\n* httpd: DoS for HTTP/2 connections by continuous SETTINGS frames\n(CVE-2018-11763)\n\n* httpd: Out of bounds write in mod_authnz_ldap when using too small\nAccept-Language values (CVE-2017-15710)\n\n* httpd: \u003cFilesMatch\u003e bypass with a trailing newline in the file name\n(CVE-2017-15715)\n\n* httpd: Out of bounds access after failure in reading the HTTP request\n(CVE-2018-1301)\n\n* httpd: Weak Digest auth nonce generation in mod_auth_digest\n(CVE-2018-1312)\n\n* curl: Multiple security issues were fixed in httpd24-curl (CVE-2016-5419,\nCVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615,\nCVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620,\nCVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625,\nCVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254,\nCVE-2017-1000257, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817,\nCVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122,\nCVE-2018-1000301, CVE-2018-14618)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank the Curl project for reporting CVE-2017-8816,\nCVE-2017-8817, CVE-2017-1000254, CVE-2017-1000257, CVE-2018-1000007,\nCVE-2018-1000120, CVE-2018-1000122, CVE-2018-1000301, CVE-2016-9586,\nCVE-2017-1000100, CVE-2017-1000101, CVE-2018-14618, and CVE-2018-1000121. \nUpstream acknowledges Alex Nichols as the original reporter of\nCVE-2017-8816; the OSS-Fuzz project as the original reporter of\nCVE-2017-8817 and CVE-2018-1000301; Max Dymond as the original reporter of\nCVE-2017-1000254 and CVE-2018-1000122; Brian Carpenter and the OSS-Fuzz\nproject as the original reporters of CVE-2017-1000257; Craig de Stigter as\nthe original reporter of CVE-2018-1000007; Duy Phan Thanh as the original\nreporter of CVE-2018-1000120; Even Rouault as the original reporter of\nCVE-2017-1000100; Brian Carpenter as the original reporter of\nCVE-2017-1000101; Zhaoyang Wu as the original reporter of CVE-2018-14618;\nand Dario Weisser as the original reporter of CVE-2018-1000121. \n\nBug Fix(es):\n\n* Previously, the Apache HTTP Server from the httpd24 Software Collection\nwas unable to handle situations when static content was repeatedly\nrequested in a browser by refreshing the page. As a consequence, HTTP/2\nconnections timed out and httpd became unresponsive. This bug has been\nfixed, and HTTP/2 connections now work as expected in the described\nscenario. (BZ#1518737)\n\nEnhancement(s):\n\n* This update adds the mod_md module to the httpd24 Software Collection. \nThis module enables managing domains across virtual hosts and certificate\nprovisioning using the Automatic Certificate Management Environment (ACME)\nprotocol. The mod_md module is available only for Red Hat Enterprise Linux\n7. (BZ#1640722)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nSoftware Collections 3.2 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1362183 - CVE-2016-5419 curl: TLS session resumption client cert bypass\n1362190 - CVE-2016-5420 curl: Re-using connection with wrong client cert\n1362199 - CVE-2016-5421 curl: Use of connection struct after free\n1373229 - CVE-2016-7141 curl: Incorrect reuse of client certificates\n1375906 - CVE-2016-7167 curl: escape and unescape integer overflows\n1388370 - CVE-2016-8615 curl: Cookie injection for other servers\n1388371 - CVE-2016-8616 curl: Case insensitive password comparison\n1388377 - CVE-2016-8617 curl: Out-of-bounds write via unchecked multiplication\n1388378 - CVE-2016-8618 curl: Double-free in curl_maprintf\n1388379 - CVE-2016-8619 curl: Double-free in krb5 code\n1388382 - CVE-2016-8620 curl: Glob parser write/read out of bounds\n1388385 - CVE-2016-8621 curl: curl_getdate out-of-bounds read\n1388386 - CVE-2016-8622 curl: URL unescape heap overflow via integer truncation\n1388388 - CVE-2016-8623 curl: Use-after-free via shared cookies\n1388390 - CVE-2016-8624 curl: Invalid URL parsing with \u0027#\u0027\n1388392 - CVE-2016-8625 curl: IDNA 2003 makes curl use wrong host\n1406712 - CVE-2016-9586 curl: printf floating point buffer overflow\n1439190 - CVE-2017-7407 curl: --write-out out of bounds read\n1478309 - CVE-2017-1000101 curl: URL globbing out of bounds read\n1478310 - CVE-2017-1000100 curl: TFTP sends more than buffer size\n1495541 - CVE-2017-1000254 curl: FTP PWD response parser out of bounds read\n1503705 - CVE-2017-1000257 curl: IMAP FETCH response out of bounds read\n1515757 - CVE-2017-8816 curl: NTLM buffer overflow via integer overflow\n1515760 - CVE-2017-8817 curl: FTP wildcard out of bounds read\n1518737 - HTTP/2 connections hang and timeout\n1537125 - CVE-2018-1000007 curl: HTTP authentication leak in redirects\n1540167 - provides without httpd24 pre/in-fix\n1552628 - CVE-2018-1000120 curl: FTP path trickery leads to NIL byte out of bounds write\n1552631 - CVE-2018-1000121 curl: LDAP NULL pointer dereference\n1553398 - CVE-2018-1000122 curl: RTSP RTP buffer over-read\n1558450 - Not able to use SSLOpenSSLConfCmd with httpd24-httpd-2.4.27. \n1560395 - CVE-2018-1283 httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications\n1560399 - CVE-2018-1303 httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS\n1560599 - CVE-2017-15710 httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values\n1560614 - CVE-2017-15715 httpd: \u003cFilesMatch\u003e bypass with a trailing newline in the file name\n1560634 - CVE-2018-1312 httpd: Weak Digest auth nonce generation in mod_auth_digest\n1560643 - CVE-2018-1301 httpd: Out of bounds access after failure in reading the HTTP request\n1575536 - CVE-2018-1000301 curl: Out-of-bounds heap read when missing RTSP headers allows information leak of denial of service\n1605048 - CVE-2018-1333 httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS\n1622707 - CVE-2018-14618 curl: NTLM password overflow via integer overflow\n1628389 - Make OCSP more configurable (like CRL)\n1633260 - mod_session missing apr-util-openssl\n1633399 - CVE-2018-11763 httpd: DoS for HTTP/2 connections by continuous SETTINGS frames\n1634830 - FTBFS: httpd24-httpd\n1640722 - mod_md is missing in httpd24-httpd\n1646937 - Unable to start httpd\n1648928 - Rebase curl to the latest version\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nhttpd24-curl-7.61.1-1.el6.src.rpm\nhttpd24-httpd-2.4.34-7.el6.src.rpm\nhttpd24-nghttp2-1.7.1-7.el6.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-7.el6.noarch.rpm\n\nx86_64:\nhttpd24-curl-7.61.1-1.el6.x86_64.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el6.x86_64.rpm\nhttpd24-httpd-2.4.34-7.el6.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el6.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-7.el6.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-7.el6.x86_64.rpm\nhttpd24-libcurl-7.61.1-1.el6.x86_64.rpm\nhttpd24-libcurl-devel-7.61.1-1.el6.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el6.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el6.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-7.el6.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el6.x86_64.rpm\nhttpd24-mod_session-2.4.34-7.el6.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-7.el6.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el6.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nhttpd24-curl-7.61.1-1.el6.src.rpm\nhttpd24-httpd-2.4.34-7.el6.src.rpm\nhttpd24-nghttp2-1.7.1-7.el6.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-7.el6.noarch.rpm\n\nx86_64:\nhttpd24-curl-7.61.1-1.el6.x86_64.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el6.x86_64.rpm\nhttpd24-httpd-2.4.34-7.el6.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el6.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-7.el6.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-7.el6.x86_64.rpm\nhttpd24-libcurl-7.61.1-1.el6.x86_64.rpm\nhttpd24-libcurl-devel-7.61.1-1.el6.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el6.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el6.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-7.el6.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el6.x86_64.rpm\nhttpd24-mod_session-2.4.34-7.el6.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-7.el6.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el6.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-curl-7.61.1-1.el7.src.rpm\nhttpd24-httpd-2.4.34-7.el7.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.src.rpm\n\naarch64:\nhttpd24-curl-7.61.1-1.el7.aarch64.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.aarch64.rpm\nhttpd24-httpd-2.4.34-7.el7.aarch64.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.aarch64.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.aarch64.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.aarch64.rpm\nhttpd24-libcurl-7.61.1-1.el7.aarch64.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.aarch64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.aarch64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.aarch64.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.aarch64.rpm\nhttpd24-mod_md-2.4.34-7.el7.aarch64.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.aarch64.rpm\nhttpd24-mod_session-2.4.34-7.el7.aarch64.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.aarch64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.aarch64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.aarch64.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-7.el7.noarch.rpm\n\nppc64le:\nhttpd24-curl-7.61.1-1.el7.ppc64le.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm\nhttpd24-httpd-2.4.34-7.el7.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm\nhttpd24-libcurl-7.61.1-1.el7.ppc64le.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_md-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_session-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm\n\ns390x:\nhttpd24-curl-7.61.1-1.el7.s390x.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm\nhttpd24-httpd-2.4.34-7.el7.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.s390x.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.s390x.rpm\nhttpd24-libcurl-7.61.1-1.el7.s390x.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_md-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_session-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-curl-7.61.1-1.el7.src.rpm\nhttpd24-httpd-2.4.34-7.el7.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.src.rpm\n\naarch64:\nhttpd24-curl-7.61.1-1.el7.aarch64.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.aarch64.rpm\nhttpd24-httpd-2.4.34-7.el7.aarch64.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.aarch64.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.aarch64.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.aarch64.rpm\nhttpd24-libcurl-7.61.1-1.el7.aarch64.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.aarch64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.aarch64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.aarch64.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.aarch64.rpm\nhttpd24-mod_md-2.4.34-7.el7.aarch64.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.aarch64.rpm\nhttpd24-mod_session-2.4.34-7.el7.aarch64.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.aarch64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.aarch64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.aarch64.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-7.el7.noarch.rpm\n\nppc64le:\nhttpd24-curl-7.61.1-1.el7.ppc64le.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm\nhttpd24-httpd-2.4.34-7.el7.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm\nhttpd24-libcurl-7.61.1-1.el7.ppc64le.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_md-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_session-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm\n\ns390x:\nhttpd24-curl-7.61.1-1.el7.s390x.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm\nhttpd24-httpd-2.4.34-7.el7.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.s390x.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.s390x.rpm\nhttpd24-libcurl-7.61.1-1.el7.s390x.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_md-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_session-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm\n\nx86_64:\nhttpd24-curl-7.61.1-1.el7.x86_64.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm\nhttpd24-httpd-2.4.34-7.el7.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm\nhttpd24-libcurl-7.61.1-1.el7.x86_64.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_md-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_session-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nhttpd24-curl-7.61.1-1.el7.src.rpm\nhttpd24-httpd-2.4.34-7.el7.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-7.el7.noarch.rpm\n\nppc64le:\nhttpd24-curl-7.61.1-1.el7.ppc64le.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm\nhttpd24-httpd-2.4.34-7.el7.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm\nhttpd24-libcurl-7.61.1-1.el7.ppc64le.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_md-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_session-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm\n\ns390x:\nhttpd24-curl-7.61.1-1.el7.s390x.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm\nhttpd24-httpd-2.4.34-7.el7.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.s390x.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.s390x.rpm\nhttpd24-libcurl-7.61.1-1.el7.s390x.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_md-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_session-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm\n\nx86_64:\nhttpd24-curl-7.61.1-1.el7.x86_64.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm\nhttpd24-httpd-2.4.34-7.el7.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm\nhttpd24-libcurl-7.61.1-1.el7.x86_64.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_md-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_session-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nhttpd24-curl-7.61.1-1.el7.src.rpm\nhttpd24-httpd-2.4.34-7.el7.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-7.el7.noarch.rpm\n\nppc64le:\nhttpd24-curl-7.61.1-1.el7.ppc64le.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm\nhttpd24-httpd-2.4.34-7.el7.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm\nhttpd24-libcurl-7.61.1-1.el7.ppc64le.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_md-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_session-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm\n\ns390x:\nhttpd24-curl-7.61.1-1.el7.s390x.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm\nhttpd24-httpd-2.4.34-7.el7.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.s390x.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.s390x.rpm\nhttpd24-libcurl-7.61.1-1.el7.s390x.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_md-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_session-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm\n\nx86_64:\nhttpd24-curl-7.61.1-1.el7.x86_64.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm\nhttpd24-httpd-2.4.34-7.el7.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm\nhttpd24-libcurl-7.61.1-1.el7.x86_64.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_md-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_session-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nhttpd24-curl-7.61.1-1.el7.src.rpm\nhttpd24-httpd-2.4.34-7.el7.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-7.el7.noarch.rpm\n\nppc64le:\nhttpd24-curl-7.61.1-1.el7.ppc64le.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm\nhttpd24-httpd-2.4.34-7.el7.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm\nhttpd24-libcurl-7.61.1-1.el7.ppc64le.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_md-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_session-2.4.34-7.el7.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm\nhttpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm\n\ns390x:\nhttpd24-curl-7.61.1-1.el7.s390x.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm\nhttpd24-httpd-2.4.34-7.el7.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.s390x.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.s390x.rpm\nhttpd24-libcurl-7.61.1-1.el7.s390x.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.s390x.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_md-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_session-2.4.34-7.el7.s390x.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.s390x.rpm\nhttpd24-nghttp2-1.7.1-7.el7.s390x.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm\n\nx86_64:\nhttpd24-curl-7.61.1-1.el7.x86_64.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm\nhttpd24-httpd-2.4.34-7.el7.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm\nhttpd24-libcurl-7.61.1-1.el7.x86_64.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_md-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_session-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-curl-7.61.1-1.el7.src.rpm\nhttpd24-httpd-2.4.34-7.el7.src.rpm\nhttpd24-nghttp2-1.7.1-7.el7.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-7.el7.noarch.rpm\n\nx86_64:\nhttpd24-curl-7.61.1-1.el7.x86_64.rpm\nhttpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm\nhttpd24-httpd-2.4.34-7.el7.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm\nhttpd24-libcurl-7.61.1-1.el7.x86_64.rpm\nhttpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm\nhttpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm\nhttpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_md-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_session-2.4.34-7.el7.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm\nhttpd24-nghttp2-1.7.1-7.el7.x86_64.rpm\nhttpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-5419\nhttps://access.redhat.com/security/cve/CVE-2016-5420\nhttps://access.redhat.com/security/cve/CVE-2016-5421\nhttps://access.redhat.com/security/cve/CVE-2016-7141\nhttps://access.redhat.com/security/cve/CVE-2016-7167\nhttps://access.redhat.com/security/cve/CVE-2016-8615\nhttps://access.redhat.com/security/cve/CVE-2016-8616\nhttps://access.redhat.com/security/cve/CVE-2016-8617\nhttps://access.redhat.com/security/cve/CVE-2016-8618\nhttps://access.redhat.com/security/cve/CVE-2016-8619\nhttps://access.redhat.com/security/cve/CVE-2016-8620\nhttps://access.redhat.com/security/cve/CVE-2016-8621\nhttps://access.redhat.com/security/cve/CVE-2016-8622\nhttps://access.redhat.com/security/cve/CVE-2016-8623\nhttps://access.redhat.com/security/cve/CVE-2016-8624\nhttps://access.redhat.com/security/cve/CVE-2016-8625\nhttps://access.redhat.com/security/cve/CVE-2016-9586\nhttps://access.redhat.com/security/cve/CVE-2017-7407\nhttps://access.redhat.com/security/cve/CVE-2017-8816\nhttps://access.redhat.com/security/cve/CVE-2017-8817\nhttps://access.redhat.com/security/cve/CVE-2017-15710\nhttps://access.redhat.com/security/cve/CVE-2017-15715\nhttps://access.redhat.com/security/cve/CVE-2017-1000100\nhttps://access.redhat.com/security/cve/CVE-2017-1000101\nhttps://access.redhat.com/security/cve/CVE-2017-1000254\nhttps://access.redhat.com/security/cve/CVE-2017-1000257\nhttps://access.redhat.com/security/cve/CVE-2018-1283\nhttps://access.redhat.com/security/cve/CVE-2018-1301\nhttps://access.redhat.com/security/cve/CVE-2018-1303\nhttps://access.redhat.com/security/cve/CVE-2018-1312\nhttps://access.redhat.com/security/cve/CVE-2018-1333\nhttps://access.redhat.com/security/cve/CVE-2018-11763\nhttps://access.redhat.com/security/cve/CVE-2018-14618\nhttps://access.redhat.com/security/cve/CVE-2018-1000007\nhttps://access.redhat.com/security/cve/CVE-2018-1000120\nhttps://access.redhat.com/security/cve/CVE-2018-1000121\nhttps://access.redhat.com/security/cve/CVE-2018-1000122\nhttps://access.redhat.com/security/cve/CVE-2018-1000301\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.2_release_notes/chap-rhscl#sect-RHSCL-Changes-httpd\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW+qMytzjgjWX9erEAQgLzQ//V6p0MJlmHHuvBRYszVGnu43cqKkSzERl\nvPJnEBEdzaU1+hxnBpN+PwWRp+X0j7EIgEnc3yBMSqnKnZUXhbW+2AlWKFSu96i1\nWcDdaxtFkD8opjERjN+ckuOnk2Eh24eWAYoDIn0WqTR7seOdvdXsURROOyvugwXP\nulGH+RQhwyxBYvYKp1RmX+REgKfW99wMxpd7B4depYhsI5ZkTzhyTbnp2E+v/XpY\nr8NqBJEV0C69sHrddBjvDMl+M0vwPw0X1YWEGsP20tZ3nqGPCVlCegQ+WCUU36HH\n1Asxa1s2/50vlY5Aa79iJuAlotw/qy4Cxvm98A33ImBvI1WMfoRXmmkOYcOsTP3o\n38fkPK4XuDiimWj+ODq29WsqvjJTZgCD32lw7MgjeyH+0u4aMYnImRtC7tG2ykRU\nETXqLCnQ1I1We2ar3vI9xYLJ+wmc/Iy479eDWziiQztO2RusHxXTStt2n5XEGg1Z\nylahAIyX989zJ3UcSs2h8dbMqjFzHZtie6xEtgFH8fsaPr36HjvKrTzj9rIN2xgt\nD1EcxjUVJRp536TzS5ULmAQSAfURruq6xTyuxI9+nDNfFXJbKI5IxIR1W6jkVIMD\nN1asv6UUHNzFmJgnmd94AlqDK2iCdoZBwmosk6ICcBmJVrWPMXjBDGNS3GtbKOdj\nRkKELMK+M5A=\n=7w7/\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14618"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013634"
},
{
"db": "BID",
"id": "107835"
},
{
"db": "VULMON",
"id": "CVE-2018-14618"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "149396"
},
{
"db": "PACKETSTORM",
"id": "149395"
},
{
"db": "PACKETSTORM",
"id": "153792"
},
{
"db": "PACKETSTORM",
"id": "149249"
},
{
"db": "PACKETSTORM",
"id": "150307"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14618",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-436177",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-19-099-04",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1041605",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013634",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152034",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0783",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0795",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0473",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-215",
"trust": 0.6
},
{
"db": "BID",
"id": "107835",
"trust": 0.3
},
{
"db": "VULMON",
"id": "CVE-2018-14618",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149396",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149395",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153792",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149249",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150307",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-14618"
},
{
"db": "BID",
"id": "107835"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013634"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "149396"
},
{
"db": "PACKETSTORM",
"id": "149395"
},
{
"db": "PACKETSTORM",
"id": "153792"
},
{
"db": "PACKETSTORM",
"id": "149249"
},
{
"db": "PACKETSTORM",
"id": "150307"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-215"
},
{
"db": "NVD",
"id": "CVE-2018-14618"
}
]
},
"id": "VAR-201809-0686",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.68333334
},
"last_update_date": "2024-07-23T20:17:09.201000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-4286",
"trust": 0.8,
"url": "https://www.debian.org/security/2018/dsa-4286"
},
{
"title": "Bug 1622707",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-14618"
},
{
"title": "RHSA-2018:3558",
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2018:3558"
},
{
"title": "NTLM password overflow via integer overflow",
"trust": 0.8,
"url": "https://curl.haxx.se/docs/cve-2018-14618.html"
},
{
"title": "USN-3765-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3765-1/"
},
{
"title": "USN-3765-2",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3765-2/"
},
{
"title": "Haxx curl Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84547"
},
{
"title": "Red Hat: Low: curl security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191880 - security advisory"
},
{
"title": "Ubuntu Security Notice: curl vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3765-1"
},
{
"title": "Ubuntu Security Notice: curl vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3765-2"
},
{
"title": "Amazon Linux AMI: ALAS-2018-1112",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2018-1112"
},
{
"title": "Red Hat: CVE-2018-14618",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-14618"
},
{
"title": "IBM: IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability in cURL (CVE-2018-14618)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a1829bb84184b37e71ea49829931b07f"
},
{
"title": "Debian CVElist Bug Report Logs: curl: CVE-2018-14618: NTLM password overflow via integer overflow",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=bcc124abe94afd85dbaa24ccf7746c39"
},
{
"title": "IBM: IBM Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in cURL (CVE-2018-14618 CVE-2018-16840 CVE-2018-16842)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7531c7915b1d94fd00f2e04e9f32c65b"
},
{
"title": "Amazon Linux 2: ALAS2-2018-1135",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2018-1135"
},
{
"title": "IBM: IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Storage \u2013 GlusterFS and Minio",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=7fea8e095b9e5b4078d6992b0167a6bc"
},
{
"title": "IBM: IBM Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Monitoring",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=07514a487c5c08ab5176c6cdf0fd6ac5"
},
{
"title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-0732, CVE-2018-0737, CVE-2018-14618, CVE-2018-1000301)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=443b53fd5630b4348dc744a4e12c5e7e"
},
{
"title": "Red Hat: Moderate: httpd24 security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20183558 - security advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=8a056bd2177d12192b11798b7ac3e013"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Appliance",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=800337bc69aa7ad92ac88a2adcc7d426"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=2196fa008592287290cbd6678fbe10d4"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private \u2013 fluentd",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=60de0933c28b353f38df30120aa2a908"
},
{
"title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u2019s dependencies \u2013 Cumulative list from June 28, 2018 to December 13, 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61"
},
{
"title": "enforcer",
"trust": 0.1,
"url": "https://github.com/ibrokethecloud/enforcer "
},
{
"title": "TrivyWeb",
"trust": 0.1,
"url": "https://github.com/korayagaya/trivyweb "
},
{
"title": "github_aquasecurity_trivy",
"trust": 0.1,
"url": "https://github.com/back8/github_aquasecurity_trivy "
},
{
"title": "Vulnerability-Scanner-for-Containers",
"trust": 0.1,
"url": "https://github.com/t31m0/vulnerability-scanner-for-containers "
},
{
"title": "security",
"trust": 0.1,
"url": "https://github.com/umahari/security "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/siddharthraopotukuchi/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/simiyo/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/aquasecurity/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/knqyf263/trivy "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-14618"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013634"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-215"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-190",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013634"
},
{
"db": "NVD",
"id": "CVE-2018-14618"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://curl.haxx.se/docs/cve-2018-14618.html"
},
{
"trust": 2.1,
"url": "https://usn.ubuntu.com/3765-1/"
},
{
"trust": 2.1,
"url": "https://access.redhat.com/errata/rhsa-2018:3558"
},
{
"trust": 2.0,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-14618"
},
{
"trust": 2.0,
"url": "https://www.debian.org/security/2018/dsa-4286"
},
{
"trust": 2.0,
"url": "https://usn.ubuntu.com/3765-2/"
},
{
"trust": 2.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201903-03"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1041605"
},
{
"trust": 1.7,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0014"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/errata/rhsa-2019:1880"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14618"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14618"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-04"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-099-04"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76910"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76998"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10870676"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-curl-affects-ibm-cloud-pak-system-cve-2018-14618/"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10870936"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10791573"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1173136"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152034/gentoo-linux-security-advisory-201903-03.html"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10791553"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143490"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75618"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2018-14618"
},
{
"trust": 0.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-04"
},
{
"trust": 0.3,
"url": "https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243.patch"
},
{
"trust": 0.3,
"url": "http://curl.haxx.se/"
},
{
"trust": 0.3,
"url": "https://github.com/falconindy/curl/commit/e6c2dea7ddd2ed63a78576b176fdbd0b3f132e31"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/usn/usn-3765-1"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=58865"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3822"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16840"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3823"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16839"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3765-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.17"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1301"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8624"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8625"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000007"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-15710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-8816"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-1000254"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000120"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8616"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000301"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-15715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.2_release_notes/chap-rhscl#sect-rhscl-changes-httpd"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-7407"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000100"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8617"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8616"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-9586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1312"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1333"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8620"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7141"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1303"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000007"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5420"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8620"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-1000101"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-7167"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000122"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8622"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000257"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-1000257"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000101"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-8817"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000254"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5420"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-7141"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8618"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8625"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-1000100"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11763"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7167"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8621"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-7407"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8623"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8618"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-14618"
},
{
"db": "BID",
"id": "107835"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013634"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "149396"
},
{
"db": "PACKETSTORM",
"id": "149395"
},
{
"db": "PACKETSTORM",
"id": "153792"
},
{
"db": "PACKETSTORM",
"id": "149249"
},
{
"db": "PACKETSTORM",
"id": "150307"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-215"
},
{
"db": "NVD",
"id": "CVE-2018-14618"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2018-14618"
},
{
"db": "BID",
"id": "107835"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013634"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "149396"
},
{
"db": "PACKETSTORM",
"id": "149395"
},
{
"db": "PACKETSTORM",
"id": "153792"
},
{
"db": "PACKETSTORM",
"id": "149249"
},
{
"db": "PACKETSTORM",
"id": "150307"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-215"
},
{
"db": "NVD",
"id": "CVE-2018-14618"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-14618"
},
{
"date": "2018-09-05T00:00:00",
"db": "BID",
"id": "107835"
},
{
"date": "2019-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013634"
},
{
"date": "2019-03-11T18:48:31",
"db": "PACKETSTORM",
"id": "152034"
},
{
"date": "2018-09-17T23:44:00",
"db": "PACKETSTORM",
"id": "149396"
},
{
"date": "2018-09-17T23:23:00",
"db": "PACKETSTORM",
"id": "149395"
},
{
"date": "2019-07-29T18:57:40",
"db": "PACKETSTORM",
"id": "153792"
},
{
"date": "2018-09-06T14:15:01",
"db": "PACKETSTORM",
"id": "149249"
},
{
"date": "2018-11-13T18:02:16",
"db": "PACKETSTORM",
"id": "150307"
},
{
"date": "2018-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-215"
},
{
"date": "2018-09-05T19:29:00.420000",
"db": "NVD",
"id": "CVE-2018-14618"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-22T00:00:00",
"db": "VULMON",
"id": "CVE-2018-14618"
},
{
"date": "2018-09-05T00:00:00",
"db": "BID",
"id": "107835"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013634"
},
{
"date": "2021-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-215"
},
{
"date": "2019-04-22T17:48:00.643000",
"db": "NVD",
"id": "CVE-2018-14618"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-215"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "curl Integer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013634"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-215"
}
],
"trust": 0.6
}
}
var-201902-0620
Vulnerability from variot
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. libcurl Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition.
cURL/libcURL from 7.36.0 through 7.63.0 are vulnerable. Haxx libcurl is a basket of open source client URL transfer libraries from Haxx, Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP.
For the stable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u9.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlxbSaAACgkQbwzL4CFi RygmtA/9HlrFg7QuCYikB1GTMvAfWtmk8vV19wr+zXcG4zxjC5MSubJStmg6Fhn7 Hl4Ar+UpqF79IM02yw4drAhci7BksQtGw/akExCDtI/+jw+BeHyHSR0GApwNlrIp k1t0c/ExxLKAPQKB4hxuxs0FdZGiJxO02Ld39O4PVf9c7IkBu0bRcbVbEajvIggh RFZN8HmUaqcN57MXu1Jrb9J0XWCyiGHjqEwBY0Q7/SI7cDuV5o8LiRFBeF/J2ByZ cSW7C980qQ9t1pru3BCAoAJxX7hl+fJPxub7oeZ1FehuQKMhxS/x2vQVgG6ni02z dccgYs+JVAaLhfqMUVNdieMwvyUuVbGsLVJ15HFRs8WGMlq9qRuHVfKBteZGPkHm zXbMaQ8lndNUN/El9JmaL4EEz4yIF/ZyQaniXGLu7iUPHtlJsFSl6Rjjc6q1Fg1u rAH4xNX2G4XV6MLH0LaQmaNgSLXSQn/er7QaUFEjCkzlRGob3DXWqexB2RhyNmp2 Hg5CrMT1d9VWFXS40CdiccPK+Bu0sEwuyzHWJMAQ2gRZ8Wv5MbqqOH8T9yLwXEgB u3MnQsWHs8nNKGs/ca6y6sRFMNhjVTA1Xwe12ZrO5UqZmpZJHgmSYEslboaLffGa zi3ucm1DATRJcTbMYvpZhS60QjkYr2nXgBwYYABTb2ZvDOTE6j4ILC -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: curl security and bug fix update Advisory ID: RHSA-2019:3701-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3701 Issue date: 2019-11-05 CVE Names: CVE-2018-16890 CVE-2018-20483 CVE-2019-3822 CVE-2019-3823 =====================================================================
- Summary:
An update for curl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)
-
wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
-
curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)
-
curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1662705 - CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c 1669156 - connection re-use does not work for SCP and SFTP 1670252 - CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read 1670254 - CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow 1670256 - CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source: curl-7.61.1-11.el8.src.rpm
aarch64: curl-7.61.1-11.el8.aarch64.rpm curl-debuginfo-7.61.1-11.el8.aarch64.rpm curl-debugsource-7.61.1-11.el8.aarch64.rpm curl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm libcurl-7.61.1-11.el8.aarch64.rpm libcurl-debuginfo-7.61.1-11.el8.aarch64.rpm libcurl-devel-7.61.1-11.el8.aarch64.rpm libcurl-minimal-7.61.1-11.el8.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm
ppc64le: curl-7.61.1-11.el8.ppc64le.rpm curl-debuginfo-7.61.1-11.el8.ppc64le.rpm curl-debugsource-7.61.1-11.el8.ppc64le.rpm curl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm libcurl-7.61.1-11.el8.ppc64le.rpm libcurl-debuginfo-7.61.1-11.el8.ppc64le.rpm libcurl-devel-7.61.1-11.el8.ppc64le.rpm libcurl-minimal-7.61.1-11.el8.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm
s390x: curl-7.61.1-11.el8.s390x.rpm curl-debuginfo-7.61.1-11.el8.s390x.rpm curl-debugsource-7.61.1-11.el8.s390x.rpm curl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm libcurl-7.61.1-11.el8.s390x.rpm libcurl-debuginfo-7.61.1-11.el8.s390x.rpm libcurl-devel-7.61.1-11.el8.s390x.rpm libcurl-minimal-7.61.1-11.el8.s390x.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm
x86_64: curl-7.61.1-11.el8.x86_64.rpm curl-debuginfo-7.61.1-11.el8.i686.rpm curl-debuginfo-7.61.1-11.el8.x86_64.rpm curl-debugsource-7.61.1-11.el8.i686.rpm curl-debugsource-7.61.1-11.el8.x86_64.rpm curl-minimal-debuginfo-7.61.1-11.el8.i686.rpm curl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm libcurl-7.61.1-11.el8.i686.rpm libcurl-7.61.1-11.el8.x86_64.rpm libcurl-debuginfo-7.61.1-11.el8.i686.rpm libcurl-debuginfo-7.61.1-11.el8.x86_64.rpm libcurl-devel-7.61.1-11.el8.i686.rpm libcurl-devel-7.61.1-11.el8.x86_64.rpm libcurl-minimal-7.61.1-11.el8.i686.rpm libcurl-minimal-7.61.1-11.el8.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16890 https://access.redhat.com/security/cve/CVE-2018-20483 https://access.redhat.com/security/cve/CVE-2019-3822 https://access.redhat.com/security/cve/CVE-2019-3823 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXcHzVtzjgjWX9erEAQjvzw/+OUU07vnIT/4FS8aZD7Z8yUMYBwGhlMYm jIfVcRL/CuCe64zoTLyPhU3qJGuj84Fdx5ryxWglnimoERd3VXMZ5OZSPz8w738j owx9pN0gVooc5MGykJm9OP27BeXU4ZceWtvX5L2jRPvSzvlTavUfwfQ7rjFuxK1A FfNoJurwBKLowh31BBZjuak6GZ6YBH9kY3vAS5BUZxuijSS8zIsnOvFwgB152p56 tvJN7/Rtwh56msrg/AF/HLCneOs8LH+k3VWs4tucW/cSbzFSJPXeiZyVBCxj60FW jlIcOH8Joo79HVenK8TWw9rpd1QIaNwh84DmVXoKR2GKt4DL8ZFeL5oqHN8A2OkO I5G2DHgaE3sgOkTKiCoUzQrIIfRmwEfqYPw3SGZZhXIVbbWtlQ01xERMIunamXE2 Rfk2zd8M7HB+c2hiRD842wnULCAINY/w6e8J4g6kZQ4tn+eIKTwB7pVUzROMwBNq OKJFm8reEYOtgH3q+xmg13N1jkynTgFlcgLQ1ua+nS8o6fJE/23lgMdJY/oUXgnc szJLxMAySEePZF0QI9f8hedm+D5hGzkRB3KYqkv8OagSW0G2RAxadoLdl5qH5Doq l4gaFPgMIKK9yxnj+8gm7zsZiUNdebj5+c4eU7OZ1s98tzPQ3/W39m/8tNM3ueB0 PK6rxvdCr2I= =8Z+p -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
-
SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)
-
grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)
-
js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
-
npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)
-
kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)
-
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload (CVE-2020-7598)
-
npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)
-
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
jQuery: passing HTML containing
-
grafana: stored XSS (CVE-2020-11110)
-
grafana: XSS annotation popup vulnerability (CVE-2020-12052)
-
grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
-
nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
-
openshift/console: text injection on error page via crafted url (CVE-2020-10715)
-
kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)
-
openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing
- ========================================================================== Ubuntu Security Notice USN-3882-1 February 06, 2019
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in curl. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890)
Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822)
Brian Carpenter discovered that curl incorrectly handled certain SMTP responses. (CVE-2019-3823)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: curl 7.61.0-1ubuntu2.3 libcurl3-gnutls 7.61.0-1ubuntu2.3 libcurl3-nss 7.61.0-1ubuntu2.3 libcurl4 7.61.0-1ubuntu2.3
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.6 libcurl3-gnutls 7.58.0-2ubuntu3.6 libcurl3-nss 7.58.0-2ubuntu3.6 libcurl4 7.58.0-2ubuntu3.6
Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.12 libcurl3 7.47.0-1ubuntu2.12 libcurl3-gnutls 7.47.0-1ubuntu2.12 libcurl3-nss 7.47.0-1ubuntu2.12
Ubuntu 14.04 LTS: curl 7.35.0-1ubuntu2.20 libcurl3 7.35.0-1ubuntu2.20 libcurl3-gnutls 7.35.0-1ubuntu2.20 libcurl3-nss 7.35.0-1ubuntu2.20
In general, a standard system update will make all the necessary changes.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.64.0-i586-1_slack14.2.txz: Upgraded. NTLMv2 type-3 header stack buffer overflow. SMTP end-of-response out-of-bounds read. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.64.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.64.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.64.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.64.0-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.64.0-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.64.0-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.64.0-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.64.0-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 94fb3c50acd4f7640ca62ed6d18512c6 curl-7.64.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 4c21f7f6b2529badfd6c43c08a43df18 curl-7.64.0-x86_64-1_slack14.0.txz
Slackware 14.1 package: e57b9b6125d0ffd54ce56ed9cbc32fb5 curl-7.64.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: f599f0dca7cf5e1839204ab6a6cdcbb1 curl-7.64.0-x86_64-1_slack14.1.txz
Slackware 14.2 package: 357b50273d07ae2deef0958d8f5b5afa curl-7.64.0-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 6c259df05c840f74dc4b3a84c6d4f212 curl-7.64.0-x86_64-1_slack14.2.txz
Slackware -current package: 9fa3ea811b5c4cca6382d7e18b2845a2 n/curl-7.64.0-i586-1.txz
Slackware x86_64 -current package: 869267a25c87036e7c9c909d2f3891c9 n/curl-7.64.0-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg curl-7.64.0-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0620",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.0"
},
{
"model": "sinema remote connect client",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "14.0.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "libcurl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.64.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "13.1.3"
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.36.0"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "14.1.2"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "*"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.4"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.0.1"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "libcurl",
"scope": "lt",
"trust": 0.8,
"vendor": "haxx",
"version": "7.36.0 thats all 7.64.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "sinema remote connect client",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "services tools bundle",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.14"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.13"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.12"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.11"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.19"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.18"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.17"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.4"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.63"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.62"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.60"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.59"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.58"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.57"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.51"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.3"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.47"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.46"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.43"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.36"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.6.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.6"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.5.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.5.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.49.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.48.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.4.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.4.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.4"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.39"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.62"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.60"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.59"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.58"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.51"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.3"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.47"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.46"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.45"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.43"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.36"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.63.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.6.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.6"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.57.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.49.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.48.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.39.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "sinema remote connect client hf1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "curl",
"scope": "ne",
"trust": 0.3,
"vendor": "haxx",
"version": "7.64.0"
}
],
"sources": [
{
"db": "BID",
"id": "106947"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"db": "NVD",
"id": "CVE-2018-16890"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.64.0",
"versionStartIncluding": "7.36.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.0.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16890"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wenxiang Qian of Tencent Blade Team,Siemens ProductCERT reported these vulnerabilities to NCCIC.,Red Hat",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-122"
}
],
"trust": 0.6
},
"cve": "CVE-2018-16890",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-16890",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-127295",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-16890",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-16890",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2018-16890",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-122",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-127295",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-16890",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127295"
},
{
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"db": "NVD",
"id": "CVE-2018-16890"
},
{
"db": "NVD",
"id": "CVE-2018-16890"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-122"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. libcurl Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nAn attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition. \ncURL/libcURL from 7.36.0 through 7.63.0 are vulnerable. Haxx libcurl is a basket of open source client URL transfer libraries from Haxx, Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u9. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlxbSaAACgkQbwzL4CFi\nRygmtA/9HlrFg7QuCYikB1GTMvAfWtmk8vV19wr+zXcG4zxjC5MSubJStmg6Fhn7\nHl4Ar+UpqF79IM02yw4drAhci7BksQtGw/akExCDtI/+jw+BeHyHSR0GApwNlrIp\nk1t0c/ExxLKAPQKB4hxuxs0FdZGiJxO02Ld39O4PVf9c7IkBu0bRcbVbEajvIggh\nRFZN8HmUaqcN57MXu1Jrb9J0XWCyiGHjqEwBY0Q7/SI7cDuV5o8LiRFBeF/J2ByZ\ncSW7C980qQ9t1pru3BCAoAJxX7hl+fJPxub7oeZ1FehuQKMhxS/x2vQVgG6ni02z\ndccgYs+JVAaLhfqMUVNdieMwvyUuVbGsLVJ15HFRs8WGMlq9qRuHVfKBteZGPkHm\nzXbMaQ8lndNUN/El9JmaL4EEz4yIF/ZyQaniXGLu7iUPHtlJsFSl6Rjjc6q1Fg1u\nrAH4xNX2G4XV6MLH0LaQmaNgSLXSQn/er7QaUFEjCkzlRGob3DXWqexB2RhyNmp2\nHg5CrMT1d9VWFXS40CdiccPK+Bu0sEwuyzHWJMAQ2gRZ8Wv5MbqqOH8T9yLwXEgB\nu3MnQsWHs8nNKGs/ca6y6sRFMNhjVTA1Xwe12ZrO5UqZmpZJHgmSYEslboaLffGa\nzi3ucm1DATRJcTbMYvpZhS60QjkYr2nXgBwYYABTb2ZvDOTE6j4ILC\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: curl security and bug fix update\nAdvisory ID: RHSA-2019:3701-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:3701\nIssue date: 2019-11-05\nCVE Names: CVE-2018-16890 CVE-2018-20483 CVE-2019-3822 \n CVE-2019-3823 \n=====================================================================\n\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)\n\n* wget: Information exposure in set_file_metadata function in xattr.c\n(CVE-2018-20483)\n\n* curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)\n\n* curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1662705 - CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c\n1669156 - connection re-use does not work for SCP and SFTP\n1670252 - CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read\n1670254 - CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow\n1670256 - CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ncurl-7.61.1-11.el8.src.rpm\n\naarch64:\ncurl-7.61.1-11.el8.aarch64.rpm\ncurl-debuginfo-7.61.1-11.el8.aarch64.rpm\ncurl-debugsource-7.61.1-11.el8.aarch64.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm\nlibcurl-7.61.1-11.el8.aarch64.rpm\nlibcurl-debuginfo-7.61.1-11.el8.aarch64.rpm\nlibcurl-devel-7.61.1-11.el8.aarch64.rpm\nlibcurl-minimal-7.61.1-11.el8.aarch64.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm\n\nppc64le:\ncurl-7.61.1-11.el8.ppc64le.rpm\ncurl-debuginfo-7.61.1-11.el8.ppc64le.rpm\ncurl-debugsource-7.61.1-11.el8.ppc64le.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm\nlibcurl-7.61.1-11.el8.ppc64le.rpm\nlibcurl-debuginfo-7.61.1-11.el8.ppc64le.rpm\nlibcurl-devel-7.61.1-11.el8.ppc64le.rpm\nlibcurl-minimal-7.61.1-11.el8.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm\n\ns390x:\ncurl-7.61.1-11.el8.s390x.rpm\ncurl-debuginfo-7.61.1-11.el8.s390x.rpm\ncurl-debugsource-7.61.1-11.el8.s390x.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm\nlibcurl-7.61.1-11.el8.s390x.rpm\nlibcurl-debuginfo-7.61.1-11.el8.s390x.rpm\nlibcurl-devel-7.61.1-11.el8.s390x.rpm\nlibcurl-minimal-7.61.1-11.el8.s390x.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm\n\nx86_64:\ncurl-7.61.1-11.el8.x86_64.rpm\ncurl-debuginfo-7.61.1-11.el8.i686.rpm\ncurl-debuginfo-7.61.1-11.el8.x86_64.rpm\ncurl-debugsource-7.61.1-11.el8.i686.rpm\ncurl-debugsource-7.61.1-11.el8.x86_64.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm\nlibcurl-7.61.1-11.el8.i686.rpm\nlibcurl-7.61.1-11.el8.x86_64.rpm\nlibcurl-debuginfo-7.61.1-11.el8.i686.rpm\nlibcurl-debuginfo-7.61.1-11.el8.x86_64.rpm\nlibcurl-devel-7.61.1-11.el8.i686.rpm\nlibcurl-devel-7.61.1-11.el8.x86_64.rpm\nlibcurl-minimal-7.61.1-11.el8.i686.rpm\nlibcurl-minimal-7.61.1-11.el8.x86_64.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16890\nhttps://access.redhat.com/security/cve/CVE-2018-20483\nhttps://access.redhat.com/security/cve/CVE-2019-3822\nhttps://access.redhat.com/security/cve/CVE-2019-3823\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXcHzVtzjgjWX9erEAQjvzw/+OUU07vnIT/4FS8aZD7Z8yUMYBwGhlMYm\njIfVcRL/CuCe64zoTLyPhU3qJGuj84Fdx5ryxWglnimoERd3VXMZ5OZSPz8w738j\nowx9pN0gVooc5MGykJm9OP27BeXU4ZceWtvX5L2jRPvSzvlTavUfwfQ7rjFuxK1A\nFfNoJurwBKLowh31BBZjuak6GZ6YBH9kY3vAS5BUZxuijSS8zIsnOvFwgB152p56\ntvJN7/Rtwh56msrg/AF/HLCneOs8LH+k3VWs4tucW/cSbzFSJPXeiZyVBCxj60FW\njlIcOH8Joo79HVenK8TWw9rpd1QIaNwh84DmVXoKR2GKt4DL8ZFeL5oqHN8A2OkO\nI5G2DHgaE3sgOkTKiCoUzQrIIfRmwEfqYPw3SGZZhXIVbbWtlQ01xERMIunamXE2\nRfk2zd8M7HB+c2hiRD842wnULCAINY/w6e8J4g6kZQ4tn+eIKTwB7pVUzROMwBNq\nOKJFm8reEYOtgH3q+xmg13N1jkynTgFlcgLQ1ua+nS8o6fJE/23lgMdJY/oUXgnc\nszJLxMAySEePZF0QI9f8hedm+D5hGzkRB3KYqkv8OagSW0G2RAxadoLdl5qH5Doq\nl4gaFPgMIKK9yxnj+8gm7zsZiUNdebj5+c4eU7OZ1s98tzPQ3/W39m/8tNM3ueB0\nPK6rxvdCr2I=\n=8Z+p\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows\nfor panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table\nPanel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of\nservice or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular\nexpressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code\nexecution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying\nproperties of Object.prototype using a constructor or __proto__ payload\n(CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of\nsignature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url\n(CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking\n(CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets\n(CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking\n1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability\n1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions\n1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip\n1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures\n1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table Panel\" screen\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets\n1861044 - CVE-2020-11110 grafana: stored XSS\n1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]\n\n5. ==========================================================================\nUbuntu Security Notice USN-3882-1\nFebruary 06, 2019\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. This issue only\napplied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. \n(CVE-2018-16890)\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLMv2\nauthentication messages. A remote attacker could use this issue to cause\ncurl to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04\nLTS, and Ubuntu 18.10. (CVE-2019-3822)\n\nBrian Carpenter discovered that curl incorrectly handled certain SMTP\nresponses. (CVE-2019-3823)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n curl 7.61.0-1ubuntu2.3\n libcurl3-gnutls 7.61.0-1ubuntu2.3\n libcurl3-nss 7.61.0-1ubuntu2.3\n libcurl4 7.61.0-1ubuntu2.3\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.6\n libcurl3-gnutls 7.58.0-2ubuntu3.6\n libcurl3-nss 7.58.0-2ubuntu3.6\n libcurl4 7.58.0-2ubuntu3.6\n\nUbuntu 16.04 LTS:\n curl 7.47.0-1ubuntu2.12\n libcurl3 7.47.0-1ubuntu2.12\n libcurl3-gnutls 7.47.0-1ubuntu2.12\n libcurl3-nss 7.47.0-1ubuntu2.12\n\nUbuntu 14.04 LTS:\n curl 7.35.0-1ubuntu2.20\n libcurl3 7.35.0-1ubuntu2.20\n libcurl3-gnutls 7.35.0-1ubuntu2.20\n libcurl3-nss 7.35.0-1ubuntu2.20\n\nIn general, a standard system update will make all the necessary changes. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.64.0-i586-1_slack14.2.txz: Upgraded. \n NTLMv2 type-3 header stack buffer overflow. \n SMTP end-of-response out-of-bounds read. \n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.64.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.64.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.64.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.64.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.64.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.64.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.64.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.64.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n94fb3c50acd4f7640ca62ed6d18512c6 curl-7.64.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n4c21f7f6b2529badfd6c43c08a43df18 curl-7.64.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ne57b9b6125d0ffd54ce56ed9cbc32fb5 curl-7.64.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nf599f0dca7cf5e1839204ab6a6cdcbb1 curl-7.64.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n357b50273d07ae2deef0958d8f5b5afa curl-7.64.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n6c259df05c840f74dc4b3a84c6d4f212 curl-7.64.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n9fa3ea811b5c4cca6382d7e18b2845a2 n/curl-7.64.0-i586-1.txz\n\nSlackware x86_64 -current package:\n869267a25c87036e7c9c909d2f3891c9 n/curl-7.64.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.64.0-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16890"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"db": "BID",
"id": "106947"
},
{
"db": "VULHUB",
"id": "VHN-127295"
},
{
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16890",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-436177",
"trust": 2.1
},
{
"db": "BID",
"id": "106947",
"trust": 2.1
},
{
"db": "ICS CERT",
"id": "ICSA-19-099-04",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "159727",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-122",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1084",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0381.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3700",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1221",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "151566",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "151568",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "155162",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "151569",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-127295",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-16890",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127295"
},
{
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"db": "BID",
"id": "106947"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "NVD",
"id": "CVE-2018-16890"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-122"
}
]
},
"id": "VAR-201902-0620",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-127295"
}
],
"trust": 0.78333334
},
"last_update_date": "2023-12-18T11:48:48.882000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-4386",
"trust": 0.8,
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"title": "NTLM type-2 out-of-bounds buffer read",
"trust": 0.8,
"url": "https://curl.haxx.se/docs/cve-2018-16890.html"
},
{
"title": "USN-3882-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"title": "Red Hat: Moderate: curl security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193701 - security advisory"
},
{
"title": "Ubuntu Security Notice: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3882-1"
},
{
"title": "Red Hat: CVE-2018-16890",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-16890"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2018-16890"
},
{
"title": "Arch Linux Advisories: [ASA-201902-9] curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201902-9"
},
{
"title": "Arch Linux Advisories: [ASA-201902-10] libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201902-10"
},
{
"title": "Arch Linux Advisories: [ASA-201902-13] lib32-curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201902-13"
},
{
"title": "Arch Linux Advisories: [ASA-201902-12] lib32-libcurl-compat: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201902-12"
},
{
"title": "Arch Linux Advisories: [ASA-201902-11] lib32-libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201902-11"
},
{
"title": "IBM: IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=22decc09aeaa3dba577a38ac2ead2bac"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=8a056bd2177d12192b11798b7ac3e013"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1162",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1162"
},
{
"title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0b05dc856c1be71db871bcea94f6fa8d"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204298 - security advisory"
},
{
"title": "CVE-2018-16890",
"trust": 0.1,
"url": "https://github.com/zjw88282740/cve-2018-16890 "
},
{
"title": "TrivyWeb",
"trust": 0.1,
"url": "https://github.com/korayagaya/trivyweb "
},
{
"title": "cve",
"trust": 0.1,
"url": "https://github.com/michwqy/cve "
},
{
"title": "github_aquasecurity_trivy",
"trust": 0.1,
"url": "https://github.com/back8/github_aquasecurity_trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/simiyo/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/aquasecurity/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/knqyf263/trivy "
},
{
"title": "security",
"trust": 0.1,
"url": "https://github.com/umahari/security "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/mohzeela/external-secret "
},
{
"title": "Vulnerability-Scanner-for-Containers",
"trust": 0.1,
"url": "https://github.com/t31m0/vulnerability-scanner-for-containers "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/siddharthraopotukuchi/trivy "
},
{
"title": "CVE-POC",
"trust": 0.1,
"url": "https://github.com/0xt11/cve-poc "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/nomi-sec/poc-in-github "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.9
},
{
"problemtype": "CWE-190",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127295"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"db": "NVD",
"id": "CVE-2018-16890"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "http://www.securityfocus.com/bid/106947"
},
{
"trust": 2.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16890"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:3701"
},
{
"trust": 2.2,
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"trust": 2.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"trust": 2.1,
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"trust": 2.1,
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"trust": 2.1,
"url": "https://curl.haxx.se/docs/cve-2018-16890.html"
},
{
"trust": 2.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3cdevnull.infra.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k03314397?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2018-16890"
},
{
"trust": 1.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-04"
},
{
"trust": 0.9,
"url": "http://curl.haxx.se/"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/b780b30d"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16890"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-04"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3cdevnull.infra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k03314397?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75218"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10881996"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-099-04"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3700/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78786"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10876554"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159727/red-hat-security-advisory-2020-4298-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78194"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3822"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3823"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-3822"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20483"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-3823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k03314397?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/190.html"
},
{
"trust": 0.1,
"url": "https://github.com/zjw88282740/cve-2018-16890"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59578"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8768"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8676"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7664"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8607"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15366"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8544"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12049"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5436"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4298"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7598"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13822"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19923"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8457"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8689"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15847"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12245"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19959"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8609"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8583"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11008"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8597"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.61.0-1ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.20"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3882-1"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3822"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3823"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127295"
},
{
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"db": "BID",
"id": "106947"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "NVD",
"id": "CVE-2018-16890"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-122"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-127295"
},
{
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"db": "BID",
"id": "106947"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "NVD",
"id": "CVE-2018-16890"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-122"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-06T00:00:00",
"db": "VULHUB",
"id": "VHN-127295"
},
{
"date": "2019-02-06T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"date": "2019-02-06T00:00:00",
"db": "BID",
"id": "106947"
},
{
"date": "2019-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"date": "2019-02-07T16:32:00",
"db": "PACKETSTORM",
"id": "151568"
},
{
"date": "2019-11-06T15:57:33",
"db": "PACKETSTORM",
"id": "155162"
},
{
"date": "2020-10-27T16:59:02",
"db": "PACKETSTORM",
"id": "159727"
},
{
"date": "2019-02-06T22:35:20",
"db": "PACKETSTORM",
"id": "151566"
},
{
"date": "2019-02-07T16:32:06",
"db": "PACKETSTORM",
"id": "151569"
},
{
"date": "2019-02-06T20:29:00.243000",
"db": "NVD",
"id": "CVE-2018-16890"
},
{
"date": "2019-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-122"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-127295"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-16890"
},
{
"date": "2019-07-17T08:00:00",
"db": "BID",
"id": "106947"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014466"
},
{
"date": "2023-11-07T02:53:57.803000",
"db": "NVD",
"id": "CVE-2018-16890"
},
{
"date": "2021-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-122"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-122"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl Vulnerable to out-of-bounds reading",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014466"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-122"
}
],
"trust": 0.6
}
}
var-201902-0101
Vulnerability from variot
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp() isn't NUL terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call reads beyond the allocated buffer. The read contents will not be returned to the caller. libcurl Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to the following vulnerabilities:
1. A stack-based buffer-overflow vulnerability
2. A heap-based buffer-overflow vulnerability
Attackers can exploit these issues to cause denial-of-service conditions. Due to the nature of these issues, arbitrary code execution may be possible, but this has not been confirmed.
cURL/libcURL versions 7.36.0 through 7.63.0 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201903-03
https://security.gentoo.org/
Severity: Normal Title: cURL: Multiple vulnerabilities Date: March 10, 2019 Bugs: #665292, #670026, #677346 ID: 201903-03
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of which could result in a Denial of Service condition.
Background
A command line tool and library for transferring data with URLs.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.64.0 >= 7.64.0
Description
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.64.0"
References
[ 1 ] CVE-2018-14618 https://nvd.nist.gov/vuln/detail/CVE-2018-14618 [ 2 ] CVE-2018-16839 https://nvd.nist.gov/vuln/detail/CVE-2018-16839 [ 3 ] CVE-2018-16840 https://nvd.nist.gov/vuln/detail/CVE-2018-16840 [ 4 ] CVE-2018-16842 https://nvd.nist.gov/vuln/detail/CVE-2018-16842 [ 5 ] CVE-2019-3822 https://nvd.nist.gov/vuln/detail/CVE-2019-3822 [ 6 ] CVE-2019-3823 https://nvd.nist.gov/vuln/detail/CVE-2019-3823
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201903-03
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
CVE-2018-16890
Wenxiang Qian of Tencent Blade Team discovered that the function
handling incoming NTLM type-2 messages does not validate incoming
data correctly and is subject to an integer overflow vulnerability,
which could lead to an out-of-bounds buffer read.
CVE-2019-3822
Wenxiang Qian of Tencent Blade Team discovered that the function
creating an outgoing NTLM type-3 header is subject to an integer
overflow vulnerability, which could lead to an out-of-bounds write.
For the stable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u9.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlxbSaAACgkQbwzL4CFi RygmtA/9HlrFg7QuCYikB1GTMvAfWtmk8vV19wr+zXcG4zxjC5MSubJStmg6Fhn7 Hl4Ar+UpqF79IM02yw4drAhci7BksQtGw/akExCDtI/+jw+BeHyHSR0GApwNlrIp k1t0c/ExxLKAPQKB4hxuxs0FdZGiJxO02Ld39O4PVf9c7IkBu0bRcbVbEajvIggh RFZN8HmUaqcN57MXu1Jrb9J0XWCyiGHjqEwBY0Q7/SI7cDuV5o8LiRFBeF/J2ByZ cSW7C980qQ9t1pru3BCAoAJxX7hl+fJPxub7oeZ1FehuQKMhxS/x2vQVgG6ni02z dccgYs+JVAaLhfqMUVNdieMwvyUuVbGsLVJ15HFRs8WGMlq9qRuHVfKBteZGPkHm zXbMaQ8lndNUN/El9JmaL4EEz4yIF/ZyQaniXGLu7iUPHtlJsFSl6Rjjc6q1Fg1u rAH4xNX2G4XV6MLH0LaQmaNgSLXSQn/er7QaUFEjCkzlRGob3DXWqexB2RhyNmp2 Hg5CrMT1d9VWFXS40CdiccPK+Bu0sEwuyzHWJMAQ2gRZ8Wv5MbqqOH8T9yLwXEgB u3MnQsWHs8nNKGs/ca6y6sRFMNhjVTA1Xwe12ZrO5UqZmpZJHgmSYEslboaLffGa zi3ucm1DATRJcTbMYvpZhS60QjkYr2nXgBwYYABTb2ZvDOTE6j4ILC -----END PGP SIGNATURE----- . Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
-
SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)
-
grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)
-
js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
-
npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)
-
kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)
-
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload (CVE-2020-7598)
-
npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)
-
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
jQuery: passing HTML containing
-
grafana: stored XSS (CVE-2020-11110)
-
grafana: XSS annotation popup vulnerability (CVE-2020-12052)
-
grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
-
nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
-
openshift/console: text injection on error page via crafted url (CVE-2020-10715)
-
kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)
-
openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: curl security and bug fix update Advisory ID: RHSA-2019:3701-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3701 Issue date: 2019-11-05 CVE Names: CVE-2018-16890 CVE-2018-20483 CVE-2019-3822 CVE-2019-3823 =====================================================================
- Summary:
An update for curl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
-
curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)
-
wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
-
curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)
-
curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1662705 - CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c 1669156 - connection re-use does not work for SCP and SFTP 1670252 - CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read 1670254 - CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow 1670256 - CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source: curl-7.61.1-11.el8.src.rpm
aarch64: curl-7.61.1-11.el8.aarch64.rpm curl-debuginfo-7.61.1-11.el8.aarch64.rpm curl-debugsource-7.61.1-11.el8.aarch64.rpm curl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm libcurl-7.61.1-11.el8.aarch64.rpm libcurl-debuginfo-7.61.1-11.el8.aarch64.rpm libcurl-devel-7.61.1-11.el8.aarch64.rpm libcurl-minimal-7.61.1-11.el8.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm
ppc64le: curl-7.61.1-11.el8.ppc64le.rpm curl-debuginfo-7.61.1-11.el8.ppc64le.rpm curl-debugsource-7.61.1-11.el8.ppc64le.rpm curl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm libcurl-7.61.1-11.el8.ppc64le.rpm libcurl-debuginfo-7.61.1-11.el8.ppc64le.rpm libcurl-devel-7.61.1-11.el8.ppc64le.rpm libcurl-minimal-7.61.1-11.el8.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm
s390x: curl-7.61.1-11.el8.s390x.rpm curl-debuginfo-7.61.1-11.el8.s390x.rpm curl-debugsource-7.61.1-11.el8.s390x.rpm curl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm libcurl-7.61.1-11.el8.s390x.rpm libcurl-debuginfo-7.61.1-11.el8.s390x.rpm libcurl-devel-7.61.1-11.el8.s390x.rpm libcurl-minimal-7.61.1-11.el8.s390x.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm
x86_64: curl-7.61.1-11.el8.x86_64.rpm curl-debuginfo-7.61.1-11.el8.i686.rpm curl-debuginfo-7.61.1-11.el8.x86_64.rpm curl-debugsource-7.61.1-11.el8.i686.rpm curl-debugsource-7.61.1-11.el8.x86_64.rpm curl-minimal-debuginfo-7.61.1-11.el8.i686.rpm curl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm libcurl-7.61.1-11.el8.i686.rpm libcurl-7.61.1-11.el8.x86_64.rpm libcurl-debuginfo-7.61.1-11.el8.i686.rpm libcurl-debuginfo-7.61.1-11.el8.x86_64.rpm libcurl-devel-7.61.1-11.el8.i686.rpm libcurl-devel-7.61.1-11.el8.x86_64.rpm libcurl-minimal-7.61.1-11.el8.i686.rpm libcurl-minimal-7.61.1-11.el8.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-16890 https://access.redhat.com/security/cve/CVE-2018-20483 https://access.redhat.com/security/cve/CVE-2019-3822 https://access.redhat.com/security/cve/CVE-2019-3823 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXcHzVtzjgjWX9erEAQjvzw/+OUU07vnIT/4FS8aZD7Z8yUMYBwGhlMYm jIfVcRL/CuCe64zoTLyPhU3qJGuj84Fdx5ryxWglnimoERd3VXMZ5OZSPz8w738j owx9pN0gVooc5MGykJm9OP27BeXU4ZceWtvX5L2jRPvSzvlTavUfwfQ7rjFuxK1A FfNoJurwBKLowh31BBZjuak6GZ6YBH9kY3vAS5BUZxuijSS8zIsnOvFwgB152p56 tvJN7/Rtwh56msrg/AF/HLCneOs8LH+k3VWs4tucW/cSbzFSJPXeiZyVBCxj60FW jlIcOH8Joo79HVenK8TWw9rpd1QIaNwh84DmVXoKR2GKt4DL8ZFeL5oqHN8A2OkO I5G2DHgaE3sgOkTKiCoUzQrIIfRmwEfqYPw3SGZZhXIVbbWtlQ01xERMIunamXE2 Rfk2zd8M7HB+c2hiRD842wnULCAINY/w6e8J4g6kZQ4tn+eIKTwB7pVUzROMwBNq OKJFm8reEYOtgH3q+xmg13N1jkynTgFlcgLQ1ua+nS8o6fJE/23lgMdJY/oUXgnc szJLxMAySEePZF0QI9f8hedm+D5hGzkRB3KYqkv8OagSW0G2RAxadoLdl5qH5Doq l4gaFPgMIKK9yxnj+8gm7zsZiUNdebj5+c4eU7OZ1s98tzPQ3/W39m/8tNM3ueB0 PK6rxvdCr2I= =8Z+p -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3882-1 February 06, 2019
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in curl. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890)
Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822)
Brian Carpenter discovered that curl incorrectly handled certain SMTP responses. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service. (CVE-2019-3823)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: curl 7.61.0-1ubuntu2.3 libcurl3-gnutls 7.61.0-1ubuntu2.3 libcurl3-nss 7.61.0-1ubuntu2.3 libcurl4 7.61.0-1ubuntu2.3
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.6 libcurl3-gnutls 7.58.0-2ubuntu3.6 libcurl3-nss 7.58.0-2ubuntu3.6 libcurl4 7.58.0-2ubuntu3.6
Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.12 libcurl3 7.47.0-1ubuntu2.12 libcurl3-gnutls 7.47.0-1ubuntu2.12 libcurl3-nss 7.47.0-1ubuntu2.12
Ubuntu 14.04 LTS: curl 7.35.0-1ubuntu2.20 libcurl3 7.35.0-1ubuntu2.20 libcurl3-gnutls 7.35.0-1ubuntu2.20 libcurl3-nss 7.35.0-1ubuntu2.20
In general, a standard system update will make all the necessary changes.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.64.0-i586-1_slack14.2.txz: Upgraded. This release fixes the following security issues: NTLM type-2 out-of-bounds buffer read. NTLMv2 type-3 header stack buffer overflow. SMTP end-of-response out-of-bounds read. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.64.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.64.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.64.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.64.0-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.64.0-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.64.0-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.64.0-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.64.0-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 94fb3c50acd4f7640ca62ed6d18512c6 curl-7.64.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 4c21f7f6b2529badfd6c43c08a43df18 curl-7.64.0-x86_64-1_slack14.0.txz
Slackware 14.1 package: e57b9b6125d0ffd54ce56ed9cbc32fb5 curl-7.64.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: f599f0dca7cf5e1839204ab6a6cdcbb1 curl-7.64.0-x86_64-1_slack14.1.txz
Slackware 14.2 package: 357b50273d07ae2deef0958d8f5b5afa curl-7.64.0-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 6c259df05c840f74dc4b3a84c6d4f212 curl-7.64.0-x86_64-1_slack14.2.txz
Slackware -current package: 9fa3ea811b5c4cca6382d7e18b2845a2 n/curl-7.64.0-i586-1.txz
Slackware x86_64 -current package: 869267a25c87036e7c9c909d2f3891c9 n/curl-7.64.0-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg curl-7.64.0-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0101",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "5.4"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "communications operations monitor",
"scope": "eq",
"trust": 1.3,
"vendor": "oracle",
"version": "3.4"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "*"
},
{
"model": "libcurl",
"scope": "gte",
"trust": 1.0,
"vendor": "haxx",
"version": "7.34.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "libcurl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.64.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "libcurl",
"scope": null,
"trust": 0.8,
"vendor": "haxx",
"version": null
},
{
"model": "clustered data ontap",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "18.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "sinema remote connect client",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "0"
},
{
"model": "services tools bundle",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "19.2"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.14"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.13"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.12"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "8.0.11"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.26"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.25"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.24"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.23"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.22"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.21"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.20"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.19"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.18"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.17"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.16"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.15"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7.12"
},
{
"model": "mysql server",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.7"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.4"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 0.3,
"vendor": "netapp",
"version": "0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.63"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.62"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.60"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.59"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.58"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.57"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.51"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.3"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.2"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.47"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.46"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.43"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.36"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.49.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.48.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.39"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "libcurl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.62"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.61"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.60"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.59"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.58"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.56"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.55"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.54"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.53"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.51"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.3"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.47"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.46"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.45"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.43"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.36"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.63.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.57.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.52.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.50.1"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.49.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.48.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.42.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.41.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.40.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.39.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.38.0"
},
{
"model": "curl",
"scope": "eq",
"trust": 0.3,
"vendor": "haxx",
"version": "7.37.1"
},
{
"model": "sinema remote connect client hf1",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "libcurl",
"scope": "ne",
"trust": 0.3,
"vendor": "haxx",
"version": "7.64"
},
{
"model": "curl",
"scope": "ne",
"trust": 0.3,
"vendor": "haxx",
"version": "7.64.0"
}
],
"sources": [
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"db": "NVD",
"id": "CVE-2019-3823"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.64.0",
"versionStartIncluding": "7.34.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3823"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brian Carpenter, Geeknik Labs and Wenxiang Qian from Tencent Blade Team.,Gentoo",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-125"
}
],
"trust": 0.6
},
"cve": "CVE-2019-3823",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-3823",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-3823",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3823",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2019-3823",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-125",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-3823",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"db": "NVD",
"id": "CVE-2019-3823"
},
{
"db": "NVD",
"id": "CVE-2019-3823"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-125"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn\u0027t NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. libcurl Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. cURL/libcURL is prone to the following vulnerabilities:\n1. A stack-based buffer-overflow vulnerability\n2. A heap-based buffer-overflow vulnerability\nAttackers can exploit these issues to cause denial-of-service conditions. Due to the nature of these issues, arbitrary code execution may be possible, but this has not been confirmed. \ncURL/libcURL versions 7.36.0 through 7.63.0 are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201903-03\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: cURL: Multiple vulnerabilities\n Date: March 10, 2019\n Bugs: #665292, #670026, #677346\n ID: 201903-03\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncould result in a Denial of Service condition. \n\nBackground\n==========\n\nA command line tool and library for transferring data with URLs. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.64.0 \u003e= 7.64.0 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.64.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-14618\n https://nvd.nist.gov/vuln/detail/CVE-2018-14618\n[ 2 ] CVE-2018-16839\n https://nvd.nist.gov/vuln/detail/CVE-2018-16839\n[ 3 ] CVE-2018-16840\n https://nvd.nist.gov/vuln/detail/CVE-2018-16840\n[ 4 ] CVE-2018-16842\n https://nvd.nist.gov/vuln/detail/CVE-2018-16842\n[ 5 ] CVE-2019-3822\n https://nvd.nist.gov/vuln/detail/CVE-2019-3822\n[ 6 ] CVE-2019-3823\n https://nvd.nist.gov/vuln/detail/CVE-2019-3823\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201903-03\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nCVE-2018-16890\n\n Wenxiang Qian of Tencent Blade Team discovered that the function\n handling incoming NTLM type-2 messages does not validate incoming\n data correctly and is subject to an integer overflow vulnerability,\n which could lead to an out-of-bounds buffer read. \n\nCVE-2019-3822\n\n Wenxiang Qian of Tencent Blade Team discovered that the function\n creating an outgoing NTLM type-3 header is subject to an integer\n overflow vulnerability, which could lead to an out-of-bounds write. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 7.52.1-5+deb9u9. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlxbSaAACgkQbwzL4CFi\nRygmtA/9HlrFg7QuCYikB1GTMvAfWtmk8vV19wr+zXcG4zxjC5MSubJStmg6Fhn7\nHl4Ar+UpqF79IM02yw4drAhci7BksQtGw/akExCDtI/+jw+BeHyHSR0GApwNlrIp\nk1t0c/ExxLKAPQKB4hxuxs0FdZGiJxO02Ld39O4PVf9c7IkBu0bRcbVbEajvIggh\nRFZN8HmUaqcN57MXu1Jrb9J0XWCyiGHjqEwBY0Q7/SI7cDuV5o8LiRFBeF/J2ByZ\ncSW7C980qQ9t1pru3BCAoAJxX7hl+fJPxub7oeZ1FehuQKMhxS/x2vQVgG6ni02z\ndccgYs+JVAaLhfqMUVNdieMwvyUuVbGsLVJ15HFRs8WGMlq9qRuHVfKBteZGPkHm\nzXbMaQ8lndNUN/El9JmaL4EEz4yIF/ZyQaniXGLu7iUPHtlJsFSl6Rjjc6q1Fg1u\nrAH4xNX2G4XV6MLH0LaQmaNgSLXSQn/er7QaUFEjCkzlRGob3DXWqexB2RhyNmp2\nHg5CrMT1d9VWFXS40CdiccPK+Bu0sEwuyzHWJMAQ2gRZ8Wv5MbqqOH8T9yLwXEgB\nu3MnQsWHs8nNKGs/ca6y6sRFMNhjVTA1Xwe12ZrO5UqZmpZJHgmSYEslboaLffGa\nzi3ucm1DATRJcTbMYvpZhS60QjkYr2nXgBwYYABTb2ZvDOTE6j4ILC\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows\nfor panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table\nPanel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of\nservice or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular\nexpressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code\nexecution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying\nproperties of Object.prototype using a constructor or __proto__ payload\n(CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of\nsignature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url\n(CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking\n(CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets\n(CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking\n1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability\n1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions\n1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip\n1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures\n1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table Panel\" screen\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets\n1861044 - CVE-2020-11110 grafana: stored XSS\n1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: curl security and bug fix update\nAdvisory ID: RHSA-2019:3701-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:3701\nIssue date: 2019-11-05\nCVE Names: CVE-2018-16890 CVE-2018-20483 CVE-2019-3822 \n CVE-2019-3823 \n=====================================================================\n\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)\n\n* wget: Information exposure in set_file_metadata function in xattr.c\n(CVE-2018-20483)\n\n* curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)\n\n* curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1662705 - CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c\n1669156 - connection re-use does not work for SCP and SFTP\n1670252 - CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read\n1670254 - CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow\n1670256 - CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\ncurl-7.61.1-11.el8.src.rpm\n\naarch64:\ncurl-7.61.1-11.el8.aarch64.rpm\ncurl-debuginfo-7.61.1-11.el8.aarch64.rpm\ncurl-debugsource-7.61.1-11.el8.aarch64.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm\nlibcurl-7.61.1-11.el8.aarch64.rpm\nlibcurl-debuginfo-7.61.1-11.el8.aarch64.rpm\nlibcurl-devel-7.61.1-11.el8.aarch64.rpm\nlibcurl-minimal-7.61.1-11.el8.aarch64.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm\n\nppc64le:\ncurl-7.61.1-11.el8.ppc64le.rpm\ncurl-debuginfo-7.61.1-11.el8.ppc64le.rpm\ncurl-debugsource-7.61.1-11.el8.ppc64le.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm\nlibcurl-7.61.1-11.el8.ppc64le.rpm\nlibcurl-debuginfo-7.61.1-11.el8.ppc64le.rpm\nlibcurl-devel-7.61.1-11.el8.ppc64le.rpm\nlibcurl-minimal-7.61.1-11.el8.ppc64le.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm\n\ns390x:\ncurl-7.61.1-11.el8.s390x.rpm\ncurl-debuginfo-7.61.1-11.el8.s390x.rpm\ncurl-debugsource-7.61.1-11.el8.s390x.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm\nlibcurl-7.61.1-11.el8.s390x.rpm\nlibcurl-debuginfo-7.61.1-11.el8.s390x.rpm\nlibcurl-devel-7.61.1-11.el8.s390x.rpm\nlibcurl-minimal-7.61.1-11.el8.s390x.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm\n\nx86_64:\ncurl-7.61.1-11.el8.x86_64.rpm\ncurl-debuginfo-7.61.1-11.el8.i686.rpm\ncurl-debuginfo-7.61.1-11.el8.x86_64.rpm\ncurl-debugsource-7.61.1-11.el8.i686.rpm\ncurl-debugsource-7.61.1-11.el8.x86_64.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm\ncurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm\nlibcurl-7.61.1-11.el8.i686.rpm\nlibcurl-7.61.1-11.el8.x86_64.rpm\nlibcurl-debuginfo-7.61.1-11.el8.i686.rpm\nlibcurl-debuginfo-7.61.1-11.el8.x86_64.rpm\nlibcurl-devel-7.61.1-11.el8.i686.rpm\nlibcurl-devel-7.61.1-11.el8.x86_64.rpm\nlibcurl-minimal-7.61.1-11.el8.i686.rpm\nlibcurl-minimal-7.61.1-11.el8.x86_64.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm\nlibcurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-16890\nhttps://access.redhat.com/security/cve/CVE-2018-20483\nhttps://access.redhat.com/security/cve/CVE-2019-3822\nhttps://access.redhat.com/security/cve/CVE-2019-3823\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXcHzVtzjgjWX9erEAQjvzw/+OUU07vnIT/4FS8aZD7Z8yUMYBwGhlMYm\njIfVcRL/CuCe64zoTLyPhU3qJGuj84Fdx5ryxWglnimoERd3VXMZ5OZSPz8w738j\nowx9pN0gVooc5MGykJm9OP27BeXU4ZceWtvX5L2jRPvSzvlTavUfwfQ7rjFuxK1A\nFfNoJurwBKLowh31BBZjuak6GZ6YBH9kY3vAS5BUZxuijSS8zIsnOvFwgB152p56\ntvJN7/Rtwh56msrg/AF/HLCneOs8LH+k3VWs4tucW/cSbzFSJPXeiZyVBCxj60FW\njlIcOH8Joo79HVenK8TWw9rpd1QIaNwh84DmVXoKR2GKt4DL8ZFeL5oqHN8A2OkO\nI5G2DHgaE3sgOkTKiCoUzQrIIfRmwEfqYPw3SGZZhXIVbbWtlQ01xERMIunamXE2\nRfk2zd8M7HB+c2hiRD842wnULCAINY/w6e8J4g6kZQ4tn+eIKTwB7pVUzROMwBNq\nOKJFm8reEYOtgH3q+xmg13N1jkynTgFlcgLQ1ua+nS8o6fJE/23lgMdJY/oUXgnc\nszJLxMAySEePZF0QI9f8hedm+D5hGzkRB3KYqkv8OagSW0G2RAxadoLdl5qH5Doq\nl4gaFPgMIKK9yxnj+8gm7zsZiUNdebj5+c4eU7OZ1s98tzPQ3/W39m/8tNM3ueB0\nPK6rxvdCr2I=\n=8Z+p\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-3882-1\nFebruary 06, 2019\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. A remote attacker could possibly use this issue to\ncause curl to crash, resulting in a denial of service. This issue only\napplied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. \n(CVE-2018-16890)\n\nWenxiang Qian discovered that curl incorrectly handled certain NTLMv2\nauthentication messages. A remote attacker could use this issue to cause\ncurl to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04\nLTS, and Ubuntu 18.10. (CVE-2019-3822)\n\nBrian Carpenter discovered that curl incorrectly handled certain SMTP\nresponses. A remote attacker could possibly use this issue to cause curl to\ncrash, resulting in a denial of service. (CVE-2019-3823)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n curl 7.61.0-1ubuntu2.3\n libcurl3-gnutls 7.61.0-1ubuntu2.3\n libcurl3-nss 7.61.0-1ubuntu2.3\n libcurl4 7.61.0-1ubuntu2.3\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.6\n libcurl3-gnutls 7.58.0-2ubuntu3.6\n libcurl3-nss 7.58.0-2ubuntu3.6\n libcurl4 7.58.0-2ubuntu3.6\n\nUbuntu 16.04 LTS:\n curl 7.47.0-1ubuntu2.12\n libcurl3 7.47.0-1ubuntu2.12\n libcurl3-gnutls 7.47.0-1ubuntu2.12\n libcurl3-nss 7.47.0-1ubuntu2.12\n\nUbuntu 14.04 LTS:\n curl 7.35.0-1ubuntu2.20\n libcurl3 7.35.0-1ubuntu2.20\n libcurl3-gnutls 7.35.0-1ubuntu2.20\n libcurl3-nss 7.35.0-1ubuntu2.20\n\nIn general, a standard system update will make all the necessary changes. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.64.0-i586-1_slack14.2.txz: Upgraded. \n This release fixes the following security issues:\n NTLM type-2 out-of-bounds buffer read. \n NTLMv2 type-3 header stack buffer overflow. \n SMTP end-of-response out-of-bounds read. \n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.64.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.64.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.64.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.64.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.64.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.64.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.64.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.64.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n94fb3c50acd4f7640ca62ed6d18512c6 curl-7.64.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n4c21f7f6b2529badfd6c43c08a43df18 curl-7.64.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ne57b9b6125d0ffd54ce56ed9cbc32fb5 curl-7.64.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nf599f0dca7cf5e1839204ab6a6cdcbb1 curl-7.64.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n357b50273d07ae2deef0958d8f5b5afa curl-7.64.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n6c259df05c840f74dc4b3a84c6d4f212 curl-7.64.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n9fa3ea811b5c4cca6382d7e18b2845a2 n/curl-7.64.0-i586-1.txz\n\nSlackware x86_64 -current package:\n869267a25c87036e7c9c909d2f3891c9 n/curl-7.64.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.64.0-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3823"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3823",
"trust": 3.4
},
{
"db": "BID",
"id": "106950",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-936080",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-436177",
"trust": 0.9
},
{
"db": "ICS CERT",
"id": "ICSA-19-099-04",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152034",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.1084",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0846",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3700",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0381.3",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-21-068-10",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201902-125",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-3823",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151568",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159727",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155162",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151566",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "151569",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "NVD",
"id": "CVE-2019-3823"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-125"
}
]
},
"id": "VAR-201902-0101",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.68333334
},
"last_update_date": "2023-12-18T10:56:17.864000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-4386",
"trust": 0.8,
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"title": "NTAP-20190315-0001",
"trust": 0.8,
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"title": "SMTP end-of-response out-of-bounds read",
"trust": 0.8,
"url": "https://curl.haxx.se/docs/cve-2019-3823.html"
},
{
"title": "USN-3882-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"title": "Red Hat: Moderate: curl security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20193701 - security advisory"
},
{
"title": "Red Hat: CVE-2019-3823",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2019-3823"
},
{
"title": "Ubuntu Security Notice: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3882-1"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2019-3823"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=17333d813b4221a6afc6ca8faac611f6"
},
{
"title": "Arch Linux Advisories: [ASA-201902-13] lib32-curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201902-13"
},
{
"title": "Arch Linux Advisories: [ASA-201902-9] curl: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201902-9"
},
{
"title": "Arch Linux Advisories: [ASA-201902-10] libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201902-10"
},
{
"title": "Arch Linux Advisories: [ASA-201902-12] lib32-libcurl-compat: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201902-12"
},
{
"title": "Arch Linux Advisories: [ASA-201902-11] lib32-libcurl-gnutls: arbitrary code execution",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201902-11"
},
{
"title": "IBM: IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=22decc09aeaa3dba577a38ac2ead2bac"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=8a056bd2177d12192b11798b7ac3e013"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1162",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1162"
},
{
"title": "IBM: IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0b05dc856c1be71db871bcea94f6fa8d"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204298 - security advisory"
},
{
"title": "TrivyWeb",
"trust": 0.1,
"url": "https://github.com/korayagaya/trivyweb "
},
{
"title": "cve",
"trust": 0.1,
"url": "https://github.com/michwqy/cve "
},
{
"title": "github_aquasecurity_trivy",
"trust": 0.1,
"url": "https://github.com/back8/github_aquasecurity_trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/simiyo/trivy "
},
{
"title": "security",
"trust": 0.1,
"url": "https://github.com/umahari/security "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/mohzeela/external-secret "
},
{
"title": "Vulnerability-Scanner-for-Containers",
"trust": 0.1,
"url": "https://github.com/t31m0/vulnerability-scanner-for-containers "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/aquasecurity/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/knqyf263/trivy "
},
{
"title": "trivy",
"trust": 0.1,
"url": "https://github.com/siddharthraopotukuchi/trivy "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"db": "NVD",
"id": "CVE-2019-3823"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/106950"
},
{
"trust": 2.5,
"url": "https://access.redhat.com/errata/rhsa-2019:3701"
},
{
"trust": 2.0,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3823"
},
{
"trust": 2.0,
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"trust": 2.0,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 2.0,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3823"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201903-03"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf"
},
{
"trust": 1.5,
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"trust": 1.4,
"url": "https://curl.haxx.se/docs/cve-2019-3823.html"
},
{
"trust": 1.4,
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3cdevnull.infra.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3822"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3823"
},
{
"trust": 0.9,
"url": "http://curl.haxx.se/"
},
{
"trust": 0.9,
"url": "https://curl.haxx.se/download.html"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/86724581b6c"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/39df4073"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/2766262a68"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-04"
},
{
"trust": 0.9,
"url": "https://github.com/curl/curl/commit/50c94842"
},
{
"trust": 0.9,
"url": "https://curl.haxx.se/docs/cve-2019-3822.html"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3822"
},
{
"trust": 0.9,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"trust": 0.9,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3823"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3cdevnull.infra.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www.debian.org/security/2019/dsa-4386third party advisory"
},
{
"trust": 0.6,
"url": "https://usn.ubuntu.com/3882-1/third party advisory"
},
{
"trust": 0.6,
"url": "https://curl.haxx.se/docs/cve-2019-3823.htmlpatchvendor advisory"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-3823exploitissue trackingthird party advisory"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75218"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10881996"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3700/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-10"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152034/gentoo-linux-security-advisory-201903-03.html"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10876554"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0846"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78194"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3822"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-16890"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-20483"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59575"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16842"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16840"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16839"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/curl"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8768"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8535"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10743"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19126"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8518"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8611"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8203"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8676"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17451"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1547"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7664"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8607"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5482"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14973"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8623"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15366"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8690"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13752"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8601"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7146"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8524"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8536"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8686"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8671"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8544"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12049"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8571"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19519"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8677"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5436"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8558"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12447"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8679"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12795"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20657"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5094"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3844"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6454"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14336"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8619"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4298"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8622"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7598"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8681"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3825"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6237"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-6706"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8559"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8687"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13822"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19923"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16769"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8672"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14822"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8608"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-7662"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7665"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8457"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5953"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8689"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-15847"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11236"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19924"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12245"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8726"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8596"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8610"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13636"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-11070"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-7149"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-16056"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-20337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11110"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8584"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19959"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8563"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10531"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3843"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10715"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8609"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9283"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8587"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-18751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8583"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-9251"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11008"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-8597"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.61.0-1ubuntu2.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.20"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3882-1"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3822"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16890"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "NVD",
"id": "CVE-2019-3823"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-125"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"db": "BID",
"id": "106950"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"db": "PACKETSTORM",
"id": "152034"
},
{
"db": "PACKETSTORM",
"id": "151568"
},
{
"db": "PACKETSTORM",
"id": "159727"
},
{
"db": "PACKETSTORM",
"id": "155162"
},
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "PACKETSTORM",
"id": "151569"
},
{
"db": "NVD",
"id": "CVE-2019-3823"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-125"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-06T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"date": "2019-02-06T00:00:00",
"db": "BID",
"id": "106950"
},
{
"date": "2019-03-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"date": "2019-03-11T18:48:31",
"db": "PACKETSTORM",
"id": "152034"
},
{
"date": "2019-02-07T16:32:00",
"db": "PACKETSTORM",
"id": "151568"
},
{
"date": "2020-10-27T16:59:02",
"db": "PACKETSTORM",
"id": "159727"
},
{
"date": "2019-11-06T15:57:33",
"db": "PACKETSTORM",
"id": "155162"
},
{
"date": "2019-02-06T22:35:20",
"db": "PACKETSTORM",
"id": "151566"
},
{
"date": "2019-02-07T16:32:06",
"db": "PACKETSTORM",
"id": "151569"
},
{
"date": "2019-02-06T20:29:00.400000",
"db": "NVD",
"id": "CVE-2019-3823"
},
{
"date": "2019-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-125"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3823"
},
{
"date": "2019-07-17T06:00:00",
"db": "BID",
"id": "106950"
},
{
"date": "2019-03-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001681"
},
{
"date": "2023-11-07T03:10:12.930000",
"db": "NVD",
"id": "CVE-2019-3823"
},
{
"date": "2021-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-125"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "151566"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-125"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libcurl Vulnerable to out-of-bounds reading",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001681"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-125"
}
],
"trust": 0.6
}
}
cve-2024-32006
Vulnerability from cvelistv5
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Siemens | SINEMA Remote Connect Client |
Version: 0 < V3.2 SP2 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32006",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T18:27:17.591742Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T18:27:26.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect Client",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2 SP2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T09:36:29.757Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-417159.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-32006",
"datePublished": "2024-09-10T09:36:29.757Z",
"dateReserved": "2024-04-08T14:04:43.846Z",
"dateUpdated": "2024-09-10T18:27:26.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39568
Vulnerability from cvelistv5
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Siemens | SINEMA Remote Connect Client |
Version: 0 < V3.2 HF1 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:sinema_remote_connect_client:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinema_remote_connect_client",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2HF1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39568",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T13:43:31.750107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T13:45:05.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect Client",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2 HF1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T12:05:12.815Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-39568",
"datePublished": "2024-07-09T12:05:12.815Z",
"dateReserved": "2024-06-25T15:55:17.885Z",
"dateUpdated": "2024-08-02T04:26:15.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31338
Vulnerability from cvelistv5
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Siemens | SINEMA Remote Connect Client |
Version: All versions < V3.0 SP1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEMA Remote Connect Client",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-15",
"description": "CWE-15: External Control of System or Configuration Setting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-19T10:00:11",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEMA Remote Connect Client",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.0 SP1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-15: External Control of System or Configuration Setting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-31338",
"datePublished": "2021-08-19T10:00:11",
"dateReserved": "2021-04-15T00:00:00",
"dateUpdated": "2024-08-03T22:55:53.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-42344
Vulnerability from cvelistv5
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Siemens | SINEMA Remote Connect Client |
Version: 0 < V3.2 SP2 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T14:54:03.621110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T14:54:10.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect Client",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2 SP2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users\u0027 configuration data."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T09:36:47.430Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-417159.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-42344",
"datePublished": "2024-09-10T09:36:47.430Z",
"dateReserved": "2024-07-30T11:53:04.709Z",
"dateUpdated": "2024-09-10T14:54:10.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39569
Vulnerability from cvelistv5
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Siemens | SINEMA Remote Connect Client |
Version: 0 < V3.2 HF1 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinema_remote_connect_client",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.2hf1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T13:22:39.927612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T13:24:19.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect Client",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2 HF1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T12:05:14.075Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-39569",
"datePublished": "2024-07-09T12:05:14.075Z",
"dateReserved": "2024-06-25T15:55:17.885Z",
"dateUpdated": "2024-08-02T04:26:15.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-22045
Vulnerability from cvelistv5
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Siemens | SINEMA Remote Connect Client |
Version: 0 < V3.1 SP1 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22045",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T16:10:09.727210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:08.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-653855.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect Client",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T10:21:58.614Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-653855.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-22045",
"datePublished": "2024-03-12T10:21:58.614Z",
"dateReserved": "2024-01-04T13:24:07.552Z",
"dateUpdated": "2024-08-01T22:35:34.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39567
Vulnerability from cvelistv5
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Siemens | SINEMA Remote Connect Client |
Version: 0 < V3.2 HF1 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinema_remote_connect_client",
"vendor": "siemens",
"versions": [
{
"lessThan": "V3.2 HF1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-10T13:51:36.791074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T13:55:49.972Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect Client",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2 HF1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T12:05:11.543Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-39567",
"datePublished": "2024-07-09T12:05:11.543Z",
"dateReserved": "2024-06-25T15:55:17.885Z",
"dateUpdated": "2024-08-02T04:26:16.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}