fkie_cve-2019-13118
Vulnerability from fkie_nvd
Published
2019-07-01 02:15
Modified
2024-11-21 04:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/Aug/11Mailing List, Third Party Advisory
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/Aug/13Mailing List, Third Party Advisory
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/Aug/14Mailing List, Third Party Advisory
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/Aug/15Mailing List, Third Party Advisory
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/Jul/22Mailing List, Third Party Advisory
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/Jul/23Mailing List, Third Party Advisory
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/Jul/24Mailing List, Third Party Advisory
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/Jul/26Mailing List, Third Party Advisory
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/Jul/31Mailing List, Third Party Advisory
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/Jul/37Mailing List, Third Party Advisory
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/Jul/38Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/11/17/2Mailing List, Third Party Advisory
cve@mitre.orghttps://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069Permissions Required
cve@mitre.orghttps://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71bPatch, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/07/msg00020.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
cve@mitre.orghttps://oss-fuzz.com/testcase-detail/5197371471822848Permissions Required
cve@mitre.orghttps://seclists.org/bugtraq/2019/Aug/21Mailing List, Third Party Advisory
cve@mitre.orghttps://seclists.org/bugtraq/2019/Aug/22Mailing List, Third Party Advisory
cve@mitre.orghttps://seclists.org/bugtraq/2019/Aug/23Mailing List, Third Party Advisory
cve@mitre.orghttps://seclists.org/bugtraq/2019/Aug/25Mailing List, Third Party Advisory
cve@mitre.orghttps://seclists.org/bugtraq/2019/Jul/35Mailing List, Third Party Advisory
cve@mitre.orghttps://seclists.org/bugtraq/2019/Jul/36Mailing List, Third Party Advisory
cve@mitre.orghttps://seclists.org/bugtraq/2019/Jul/37Mailing List, Third Party Advisory
cve@mitre.orghttps://seclists.org/bugtraq/2019/Jul/40Mailing List, Third Party Advisory
cve@mitre.orghttps://seclists.org/bugtraq/2019/Jul/41Mailing List, Third Party Advisory
cve@mitre.orghttps://seclists.org/bugtraq/2019/Jul/42Mailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190806-0004/Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200122-0003/Third Party Advisory
cve@mitre.orghttps://support.apple.com/kb/HT210346Third Party Advisory
cve@mitre.orghttps://support.apple.com/kb/HT210348Third Party Advisory
cve@mitre.orghttps://support.apple.com/kb/HT210351Third Party Advisory
cve@mitre.orghttps://support.apple.com/kb/HT210353Third Party Advisory
cve@mitre.orghttps://support.apple.com/kb/HT210356Third Party Advisory
cve@mitre.orghttps://support.apple.com/kb/HT210357Third Party Advisory
cve@mitre.orghttps://support.apple.com/kb/HT210358Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4164-1/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Aug/11Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Aug/13Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Aug/14Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Aug/15Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Jul/22Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Jul/23Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Jul/24Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Jul/26Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Jul/31Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Jul/37Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/Jul/38Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/11/17/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71bPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/07/msg00020.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/
af854a3a-2127-422b-91ae-364da2661108https://oss-fuzz.com/testcase-detail/5197371471822848Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Aug/21Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Aug/22Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Aug/23Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Aug/25Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Jul/35Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Jul/36Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Jul/37Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Jul/40Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Jul/41Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Jul/42Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190806-0004/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200122-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT210346Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT210348Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT210351Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT210353Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT210356Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT210357Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT210358Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4164-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
Impacted products
Vendor Product Version
xmlsoft libxslt 1.1.33
opensuse leap 15.1
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
netapp cloud_backup -
netapp clustered_data_ontap -
netapp e-series_performance_analyzer -
netapp e-series_santricity_management_plug-ins -
netapp e-series_santricity_os_controller *
netapp e-series_santricity_storage_manager -
netapp e-series_santricity_web_services -
netapp oncommand_insight -
netapp oncommand_workflow_automation -
netapp ontap_select_deploy_administration_utility -
netapp plug-in_for_symantec_netbackup -
netapp santricity_unified_manager -
netapp steelstore_cloud_integrated_storage -
oracle jdk 1.8.0
fedoraproject fedora 31
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 19.04
canonical ubuntu_linux 19.10
apple icloud *
apple icloud *
apple itunes *
apple iphone_os *
apple mac_os_x 10.12.6
apple mac_os_x 10.12.6
apple mac_os_x 10.12.6
apple mac_os_x 10.13.6
apple mac_os_x 10.13.6
apple mac_os_x 10.13.6
apple macos *
apple tvos *


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:xmlsoft:libxslt:1.1.33:*:*:*:*:*:*:*",
                     matchCriteriaId: "BBF9724E-ED48-45EB-92DF-1223ECF12693",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
                     matchCriteriaId: "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
                     matchCriteriaId: "B55E8D50-99B4-47EC-86F9-699B67D473CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FE996B1-6951-4F85-AA58-B99A379D2163",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "24B8DB06-590A-4008-B0AB-FCD1401C77C6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_management_plug-ins:-:*:*:*:*:vmware_vcenter:*:*",
                     matchCriteriaId: "280520BC-070C-4423-A633-E6FE45E53D57",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "433D435D-13D0-4EAA-ACD9-DD88DA712D00",
                     versionEndIncluding: "11.50.2",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D9CC59D-6182-4B5E-96B5-226FCD343916",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
                     matchCriteriaId: "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5735E553-9731-4AAC-BCFF-989377F817B3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FFE0A9D2-9A49-4BF6-BC6F-8249162D8334",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:santricity_unified_manager:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "A372B177-F740-4655-865C-31777A6E140B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oracle:jdk:1.8.0:update231:*:*:*:*:*:*",
                     matchCriteriaId: "8836399B-AA1F-45DB-A423-B41A93A14281",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
                     matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
                     matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                     matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "086B8913-51FE-4FCA-AB2C-47541F2C3252",
                     versionEndExcluding: "7.13",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "71143206-77A6-4B8F-964B-FD4E00C1AE60",
                     versionEndExcluding: "10.6",
                     versionStartIncluding: "10.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
                     matchCriteriaId: "F3310BC8-34F6-4C8A-B6B8-FCEB9033902B",
                     versionEndExcluding: "12.9.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "78127EE5-23FE-4C66-B7EE-2CF3E19F0503",
                     versionEndExcluding: "12.4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "4353B3DF-2371-4A6F-9FF8-2CC3EF7DC4F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "A0334DC1-4D8C-448C-84B3-310499118B44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2019-003:*:*:*:*:*:*",
                     matchCriteriaId: "F80F3626-D093-45F4-80A1-3DB1EC94E0F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*",
                     matchCriteriaId: "754A2DF4-8724-4448-A2AB-AC5442029CB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*",
                     matchCriteriaId: "D392C777-1949-4920-B459-D083228E4688",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*",
                     matchCriteriaId: "68B0A232-F2A4-4B87-99EB-3A532DFA87DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DABA4F3-D814-4190-BDD7-C2F3DBBD9E1A",
                     versionEndExcluding: "10.14.6",
                     versionStartIncluding: "10.4.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC281794-DEC0-4C8A-8B92-F8E5D8785EF6",
                     versionEndExcluding: "12.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.",
      },
      {
         lang: "es",
         value: "En el archivo numbers.c en libxslt versión 1.1.33, un tipo que contiene caracteres de agrupación de una instrucción xsl:number era demasiado estrecho y una combinación de carácter/longitud no válida se podía ser pasada a la función xsltNumberFormatDecimal, conllevando a una lectura de los datos de pila no inicializados.",
      },
   ],
   id: "CVE-2019-13118",
   lastModified: "2024-11-21T04:24:13.817",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-07-01T02:15:09.800",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Aug/11",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Aug/13",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Aug/14",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Aug/15",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jul/22",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jul/23",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jul/24",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jul/26",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jul/31",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jul/37",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jul/38",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/11/17/2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Permissions Required",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Permissions Required",
         ],
         url: "https://oss-fuzz.com/testcase-detail/5197371471822848",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Aug/21",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Aug/22",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Aug/23",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Aug/25",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Jul/35",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Jul/36",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Jul/37",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Jul/40",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Jul/41",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Jul/42",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190806-0004/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200122-0003/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT210346",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT210348",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT210351",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT210353",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT210356",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT210357",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT210358",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4164-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00062.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Aug/11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Aug/13",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Aug/14",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Aug/15",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jul/22",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jul/23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jul/24",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jul/26",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jul/31",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jul/37",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2019/Jul/38",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/11/17/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15069",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOYJKXPQCUNBMMQJWYXOR6QRUJZHEDRZ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "https://oss-fuzz.com/testcase-detail/5197371471822848",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Aug/21",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Aug/22",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Aug/23",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Aug/25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Jul/35",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Jul/36",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Jul/37",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Jul/40",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Jul/41",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://seclists.org/bugtraq/2019/Jul/42",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190806-0004/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20200122-0003/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT210346",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT210348",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT210351",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT210353",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT210356",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT210357",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT210358",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/4164-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-843",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.