var-201905-0095
Vulnerability from variot
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. libcurl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Haxx libcurl is an open source client URL transfer library from Haxx, Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.65.0-i586-1_slack14.2.txz: Upgraded. This release fixes the following security issues: Integer overflows in curl_url_set tftp: use the current blksize for recvfrom() For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436 ( Security fix ) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.65.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.65.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.65.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.65.0-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.65.0-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.65.0-x86_64-1_slack14.2.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.65.0-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.65.0-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: 6e09fa0f3bf3899629f78338886b8166 curl-7.65.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 55613986ed81a77a573976161b5b76fa curl-7.65.0-x86_64-1_slack14.0.txz
Slackware 14.1 package: 4317a7f249ca9dc8fdd9c4470335c140 curl-7.65.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 1a0cfbced24644f121dcd3140c378d85 curl-7.65.0-x86_64-1_slack14.1.txz
Slackware 14.2 package: 0112a5878893a036364b3792bb62de6c curl-7.65.0-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 794f036ca4ae31aaad11bdb3e4f1b7d9 curl-7.65.0-x86_64-1_slack14.2.txz
Slackware -current package: 82112f6caf0dc1d94340b4cf6a3eb001 n/curl-7.65.0-i586-1.txz
Slackware x86_64 -current package: df9c4d1a59fe2f191fd20035c0fcff29 n/curl-7.65.0-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root:
upgradepkg curl-7.65.0-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. ========================================================================== Ubuntu Security Notice USN-3993-1 May 22, 2019
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in curl. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435)
It was discovered that curl incorrectly handled memory when receiving data from a TFTP server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-5436)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.04: curl 7.64.0-2ubuntu1.1 libcurl3-gnutls 7.64.0-2ubuntu1.1 libcurl3-nss 7.64.0-2ubuntu1.1 libcurl4 7.64.0-2ubuntu1.1
Ubuntu 18.10: curl 7.61.0-1ubuntu2.4 libcurl3-gnutls 7.61.0-1ubuntu2.4 libcurl3-nss 7.61.0-1ubuntu2.4 libcurl4 7.61.0-1ubuntu2.4
Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.7 libcurl3-gnutls 7.58.0-2ubuntu3.7 libcurl3-nss 7.58.0-2ubuntu3.7 libcurl4 7.58.0-2ubuntu3.7
Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.13 libcurl3 7.47.0-1ubuntu2.13 libcurl3-gnutls 7.47.0-1ubuntu2.13 libcurl3-nss 7.47.0-1ubuntu2.13
In general, a standard system update will make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64
- This only affects the oldstable distribution (stretch).
CVE-2019-5481
Thomas Vegas discovered a double-free in the FTP-KRB code, triggered
by a malicious server sending a very large data block.
For the oldstable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u10.
For the stable distribution (buster), these problems have been fixed in version 7.64.0-4+deb10u1.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAl5UJtgACgkQbwzL4CFi RyiozQ//TWmlmQt7fsskJtczrkjToirTdbgmzBeRI6PL2HXEZYY7WtdQzXDHqTb5 eQwrIrKsSrS30QneeeGHPEABhfUBCIQRiXocd5enAdQbqPchTIVl92YrZhHZqjbU aP0q02QZrhn6nidzA+c3sU7ClW0YERVXOuVZAhQDnw0y1Iai5yVuQvIOhDYIEOdU G86svqzr4UAMdZPFP0N1avyHmonNB1/UC//l/g2s7q2ki7NOBCMfg2QV5+/6Ip0F tR8mgpukO7l+M0Jhb3SeCaGaRvbHDlkFIyGXKbDyffs14ceRykm/fhxB2bc8dSK7 KLGjRLXJyHKCCoWzafHk13aNGu0jVqaRrCcyezhI8fnr9V/enDbnzLeEWGGL8H3e qVTyY+ykypinWeIRv+5VQtgrAhEJ6ZCiGCmbRyhwP0s8Yu5MlOJeS1L4GnBUbYuH ZhB/DWtqFlh/Rgjs6XWr/CwzxFAps+wbKjY8l8/C18308J0bKq1sx4XWSEmXrMMj KbdVNKEjvA3n8HTa4CC+CgVA7723ysCERbKnTLKTu8rgPA9QDMyyxNpenVeB24DW G9rrnokVK0c56EeDlAOCB3gSA4XoDt3k+xP4vfaBcyzGj/mkEsOeAT6+lzqPbO30 KqjBEQgVzb5nvKpPhJF8f71DXegfFvDL2ti5G4wkfRME4ytM6Wg=QC2b -----END PGP SIGNATURE----- . Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
-
SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)
-
grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)
-
js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)
-
npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769)
-
kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013)
-
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload (CVE-2020-7598)
-
npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662)
-
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
-
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
-
jQuery: passing HTML containing
-
grafana: stored XSS (CVE-2020-11110)
-
grafana: XSS annotation popup vulnerability (CVE-2020-12052)
-
grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
-
nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)
-
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
-
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
-
openshift/console: text injection on error page via crafted url (CVE-2020-10715)
-
kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743)
-
openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution:
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing
-
8) - aarch64, ppc64le, s390x, x86_64
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Low: curl security and bug fix update Advisory ID: RHSA-2020:1020-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:1020 Issue date: 2020-03-31 CVE Names: CVE-2019-5436 =====================================================================
- Summary:
An update for curl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1710620 - CVE-2019-5436 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function 1754736 - curl does not send Authorization header when receiving WWW-Authenticate header twice 1769307 - curl fails while attempting to POST a char device
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: curl-7.29.0-57.el7.src.rpm
x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: curl-7.29.0-57.el7.src.rpm
x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: curl-7.29.0-57.el7.src.rpm
ppc64: curl-7.29.0-57.el7.ppc64.rpm curl-debuginfo-7.29.0-57.el7.ppc.rpm curl-debuginfo-7.29.0-57.el7.ppc64.rpm libcurl-7.29.0-57.el7.ppc.rpm libcurl-7.29.0-57.el7.ppc64.rpm libcurl-devel-7.29.0-57.el7.ppc.rpm libcurl-devel-7.29.0-57.el7.ppc64.rpm
ppc64le: curl-7.29.0-57.el7.ppc64le.rpm curl-debuginfo-7.29.0-57.el7.ppc64le.rpm libcurl-7.29.0-57.el7.ppc64le.rpm libcurl-devel-7.29.0-57.el7.ppc64le.rpm
s390x: curl-7.29.0-57.el7.s390x.rpm curl-debuginfo-7.29.0-57.el7.s390.rpm curl-debuginfo-7.29.0-57.el7.s390x.rpm libcurl-7.29.0-57.el7.s390.rpm libcurl-7.29.0-57.el7.s390x.rpm libcurl-devel-7.29.0-57.el7.s390.rpm libcurl-devel-7.29.0-57.el7.s390x.rpm
x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: curl-7.29.0-57.el7.src.rpm
x86_64: curl-7.29.0-57.el7.x86_64.rpm curl-debuginfo-7.29.0-57.el7.i686.rpm curl-debuginfo-7.29.0-57.el7.x86_64.rpm libcurl-7.29.0-57.el7.i686.rpm libcurl-7.29.0-57.el7.x86_64.rpm libcurl-devel-7.29.0-57.el7.i686.rpm libcurl-devel-7.29.0-57.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-5436 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXoObWtzjgjWX9erEAQiZbxAAqKGZZqZXMjb1Ia8ST1HZTC8mBxlxQM9Z qwT3r0czzMc2PaMlmMbvBPr7JLybKl9bxb8ufMhCAQwvOYsIZ6mLlV+dwLVnpDJr u+I9HhOBjsJgbzspOl8XuyRyylcOXiZmDbuU5JarhGvrMgApHujgzxMwXDedApPP MvtbhMHNOiTrYXhMy6IrTkPoFdPaziNWLAw1TTbfMSsF2C9CUjXCpmRpv+ttq85q 9Ms3wbGuS2tDm9/6grtarY3SxeSoaMg0VR3YJQ4J7jIXoeeHxQSs0K1mBVekEZ9r JcqgynjNqEQP1dcfzOxorRcXD7i2NFC1WLGdAM16KlETiN3Fpcb4nVF+0phU3ea+ hJsKwKEAb6CX+qLi/uITr6m0xYy323QTNCvOHX/xtf6EnpJhq1UsltBOzm/KjL1T N0ClNjEs7/57TEIwE9u3LhDuPfQfdkewRv2QEqLdpNw5JqT8p+dxlrJNzCTkbFPc bgmHZdvfJ5blQweL/ejCE5zmr9jKYbhqyrdBn7sxKj1gn6R9ZHcX14pljDbLAjp/ cBWx9zscU82xyh49QAl8VHabiHpOU9c7SaUz+9G3WzZboaJNUoBrPTPvsXg1nGW7 0f3qjx/Y3/MRR8qCNL7VtNA+8QCGryMU+Gs5cxNnWmtfW0i5kpHCU7cxk/+ig2JZ M95S58Xnb8U= =UHVC -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0095", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.3.3" }, { "model": "libcurl", "scope": "lte", "trust": 1.0, "vendor": "haxx", "version": "7.64.1" }, { "model": "mysql server", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "5.7.28" }, { "model": "libcurl", "scope": "gte", "trust": 1.0, "vendor": "haxx", "version": "7.19.4" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "oss support tools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.0" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.17" }, { "model": "solidfire", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "42.3" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.0" }, { "model": "traffix signaling delivery controller", "scope": "lte", "trust": 1.0, "vendor": "f5", "version": "5.1.0" }, { "model": "traffix signaling delivery controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "5.0.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "29" }, { "model": "hci management node", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.7.27" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.4.0" }, { "model": "libcurl", "scope": "eq", "trust": 0.8, "vendor": "haxx", "version": "7.19.4 to 7.64.1" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-004875" }, { "db": "NVD", "id": "CVE-2019-5436" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.64.1", "versionStartIncluding": "7.19.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.1.0", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.7.27", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.17", "versionStartIncluding": "5.7.28", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:oss_support_tools:20.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-5436" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ubuntu,Debian,Red Hat,Slackware Security Team,l00p3r.,Gentoo", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-933" } ], "trust": 0.6 }, "cve": "CVE-2019-5436", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 4.6, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2019-5436", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-156871", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-5436", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-5436", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201905-933", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-156871", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2019-5436", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-156871" }, { "db": "VULMON", "id": "CVE-2019-5436" }, { "db": "JVNDB", "id": "JVNDB-2019-004875" }, { "db": "CNNVD", "id": "CNNVD-201905-933" }, { "db": "NVD", "id": "CVE-2019-5436" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. libcurl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Haxx libcurl is an open source client URL transfer library from Haxx, Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.65.0-i586-1_slack14.2.txz: Upgraded. \n This release fixes the following security issues:\n Integer overflows in curl_url_set\n tftp: use the current blksize for recvfrom()\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5435\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.65.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.65.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.65.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.65.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.65.0-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.65.0-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.65.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.65.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 package:\n6e09fa0f3bf3899629f78338886b8166 curl-7.65.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n55613986ed81a77a573976161b5b76fa curl-7.65.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n4317a7f249ca9dc8fdd9c4470335c140 curl-7.65.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n1a0cfbced24644f121dcd3140c378d85 curl-7.65.0-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n0112a5878893a036364b3792bb62de6c curl-7.65.0-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n794f036ca4ae31aaad11bdb3e4f1b7d9 curl-7.65.0-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n82112f6caf0dc1d94340b4cf6a3eb001 n/curl-7.65.0-i586-1.txz\n\nSlackware x86_64 -current package:\ndf9c4d1a59fe2f191fd20035c0fcff29 n/curl-7.65.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.65.0-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. ==========================================================================\nUbuntu Security Notice USN-3993-1\nMay 22, 2019\n\ncurl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. A remote attacker could use this issue to cause\ncurl to crash, resulting in a denial of service, or possibly execute\narbitrary code. This issue only affected Ubuntu 19.04. (CVE-2019-5435)\n\nIt was discovered that curl incorrectly handled memory when receiving data\nfrom a TFTP server. A remote attacker could use this issue to cause curl to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2019-5436)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.04:\n curl 7.64.0-2ubuntu1.1\n libcurl3-gnutls 7.64.0-2ubuntu1.1\n libcurl3-nss 7.64.0-2ubuntu1.1\n libcurl4 7.64.0-2ubuntu1.1\n\nUbuntu 18.10:\n curl 7.61.0-1ubuntu2.4\n libcurl3-gnutls 7.61.0-1ubuntu2.4\n libcurl3-nss 7.61.0-1ubuntu2.4\n libcurl4 7.61.0-1ubuntu2.4\n\nUbuntu 18.04 LTS:\n curl 7.58.0-2ubuntu3.7\n libcurl3-gnutls 7.58.0-2ubuntu3.7\n libcurl3-nss 7.58.0-2ubuntu3.7\n libcurl4 7.58.0-2ubuntu3.7\n\nUbuntu 16.04 LTS:\n curl 7.47.0-1ubuntu2.13\n libcurl3 7.47.0-1ubuntu2.13\n libcurl3-gnutls 7.47.0-1ubuntu2.13\n libcurl3-nss 7.47.0-1ubuntu2.13\n\nIn general, a standard system update will make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. This only affects\n the oldstable distribution (stretch). \n\nCVE-2019-5481\n\n Thomas Vegas discovered a double-free in the FTP-KRB code, triggered\n by a malicious server sending a very large data block. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 7.52.1-5+deb9u10. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 7.64.0-4+deb10u1. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAl5UJtgACgkQbwzL4CFi\nRyiozQ//TWmlmQt7fsskJtczrkjToirTdbgmzBeRI6PL2HXEZYY7WtdQzXDHqTb5\neQwrIrKsSrS30QneeeGHPEABhfUBCIQRiXocd5enAdQbqPchTIVl92YrZhHZqjbU\naP0q02QZrhn6nidzA+c3sU7ClW0YERVXOuVZAhQDnw0y1Iai5yVuQvIOhDYIEOdU\nG86svqzr4UAMdZPFP0N1avyHmonNB1/UC//l/g2s7q2ki7NOBCMfg2QV5+/6Ip0F\ntR8mgpukO7l+M0Jhb3SeCaGaRvbHDlkFIyGXKbDyffs14ceRykm/fhxB2bc8dSK7\nKLGjRLXJyHKCCoWzafHk13aNGu0jVqaRrCcyezhI8fnr9V/enDbnzLeEWGGL8H3e\nqVTyY+ykypinWeIRv+5VQtgrAhEJ6ZCiGCmbRyhwP0s8Yu5MlOJeS1L4GnBUbYuH\nZhB/DWtqFlh/Rgjs6XWr/CwzxFAps+wbKjY8l8/C18308J0bKq1sx4XWSEmXrMMj\nKbdVNKEjvA3n8HTa4CC+CgVA7723ysCERbKnTLKTu8rgPA9QDMyyxNpenVeB24DW\nG9rrnokVK0c56EeDlAOCB3gSA4XoDt3k+xP4vfaBcyzGj/mkEsOeAT6+lzqPbO30\nKqjBEQgVzb5nvKpPhJF8f71DXegfFvDL2ti5G4wkfRME4ytM6Wg=QC2b\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows\nfor panic (CVE-2020-9283)\n\n* SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169)\n\n* grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table\nPanel\" screen (CVE-2018-18624)\n\n* js-jquery: prototype pollution in object\u0027s prototype leading to denial of\nservice or remote code execution or property injection (CVE-2019-11358)\n\n* npm-serialize-javascript: XSS via unsafe characters in serialized regular\nexpressions (CVE-2019-16769)\n\n* kibana: Prototype pollution in TSVB could result in arbitrary code\nexecution (ESA-2020-06) (CVE-2020-7013)\n\n* nodejs-minimist: prototype pollution allows adding or modifying\nproperties of Object.prototype using a constructor or __proto__ payload\n(CVE-2020-7598)\n\n* npmjs-websocket-extensions: ReDoS vulnerability in\nSec-WebSocket-Extensions parser (CVE-2020-7662)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter\nmethod (CVE-2020-11022)\n\n* jQuery: passing HTML containing \u003coption\u003e elements to manipulation methods\ncould result in untrusted code execution (CVE-2020-11023)\n\n* grafana: stored XSS (CVE-2020-11110)\n\n* grafana: XSS annotation popup vulnerability (CVE-2020-12052)\n\n* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)\n\n* nodejs-elliptic: improper encoding checks allows a certain degree of\nsignature malleability in ECDSA signatures (CVE-2020-13822)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* openshift/console: text injection on error page via crafted url\n(CVE-2020-10715)\n\n* kibana: X-Frame-Option not set by default might lead to clickjacking\n(CVE-2020-10743)\n\n* openshift: restricted SCC allows pods to craft custom network packets\n(CVE-2020-14336)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Solution:\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13)\n1701972 - CVE-2019-11358 jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection\n1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking\n1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser\n1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability\n1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions\n1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip\n1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures\n1849044 - CVE-2020-7013 kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06)\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the \"Dashboard \u003e Table Panel\" screen\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets\n1861044 - CVE-2020-11110 grafana: stored XSS\n1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4]\n\n5. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: curl security and bug fix update\nAdvisory ID: RHSA-2020:1020-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1020\nIssue date: 2020-03-31\nCVE Names: CVE-2019-5436 \n=====================================================================\n\n1. Summary:\n\nAn update for curl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. \n\nSecurity Fix(es):\n\n* curl: TFTP receive heap buffer overflow in tftp_receive_packet() function\n(CVE-2019-5436)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.8 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1710620 - CVE-2019-5436 curl: TFTP receive heap buffer overflow in tftp_receive_packet() function\n1754736 - curl does not send Authorization header when receiving WWW-Authenticate header twice\n1769307 - curl fails while attempting to POST a char device\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nppc64:\ncurl-7.29.0-57.el7.ppc64.rpm\ncurl-debuginfo-7.29.0-57.el7.ppc.rpm\ncurl-debuginfo-7.29.0-57.el7.ppc64.rpm\nlibcurl-7.29.0-57.el7.ppc.rpm\nlibcurl-7.29.0-57.el7.ppc64.rpm\nlibcurl-devel-7.29.0-57.el7.ppc.rpm\nlibcurl-devel-7.29.0-57.el7.ppc64.rpm\n\nppc64le:\ncurl-7.29.0-57.el7.ppc64le.rpm\ncurl-debuginfo-7.29.0-57.el7.ppc64le.rpm\nlibcurl-7.29.0-57.el7.ppc64le.rpm\nlibcurl-devel-7.29.0-57.el7.ppc64le.rpm\n\ns390x:\ncurl-7.29.0-57.el7.s390x.rpm\ncurl-debuginfo-7.29.0-57.el7.s390.rpm\ncurl-debuginfo-7.29.0-57.el7.s390x.rpm\nlibcurl-7.29.0-57.el7.s390.rpm\nlibcurl-7.29.0-57.el7.s390x.rpm\nlibcurl-devel-7.29.0-57.el7.s390.rpm\nlibcurl-devel-7.29.0-57.el7.s390x.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ncurl-7.29.0-57.el7.src.rpm\n\nx86_64:\ncurl-7.29.0-57.el7.x86_64.rpm\ncurl-debuginfo-7.29.0-57.el7.i686.rpm\ncurl-debuginfo-7.29.0-57.el7.x86_64.rpm\nlibcurl-7.29.0-57.el7.i686.rpm\nlibcurl-7.29.0-57.el7.x86_64.rpm\nlibcurl-devel-7.29.0-57.el7.i686.rpm\nlibcurl-devel-7.29.0-57.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-5436\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXoObWtzjgjWX9erEAQiZbxAAqKGZZqZXMjb1Ia8ST1HZTC8mBxlxQM9Z\nqwT3r0czzMc2PaMlmMbvBPr7JLybKl9bxb8ufMhCAQwvOYsIZ6mLlV+dwLVnpDJr\nu+I9HhOBjsJgbzspOl8XuyRyylcOXiZmDbuU5JarhGvrMgApHujgzxMwXDedApPP\nMvtbhMHNOiTrYXhMy6IrTkPoFdPaziNWLAw1TTbfMSsF2C9CUjXCpmRpv+ttq85q\n9Ms3wbGuS2tDm9/6grtarY3SxeSoaMg0VR3YJQ4J7jIXoeeHxQSs0K1mBVekEZ9r\nJcqgynjNqEQP1dcfzOxorRcXD7i2NFC1WLGdAM16KlETiN3Fpcb4nVF+0phU3ea+\nhJsKwKEAb6CX+qLi/uITr6m0xYy323QTNCvOHX/xtf6EnpJhq1UsltBOzm/KjL1T\nN0ClNjEs7/57TEIwE9u3LhDuPfQfdkewRv2QEqLdpNw5JqT8p+dxlrJNzCTkbFPc\nbgmHZdvfJ5blQweL/ejCE5zmr9jKYbhqyrdBn7sxKj1gn6R9ZHcX14pljDbLAjp/\ncBWx9zscU82xyh49QAl8VHabiHpOU9c7SaUz+9G3WzZboaJNUoBrPTPvsXg1nGW7\n0f3qjx/Y3/MRR8qCNL7VtNA+8QCGryMU+Gs5cxNnWmtfW0i5kpHCU7cxk/+ig2JZ\nM95S58Xnb8U=\n=UHVC\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2019-5436" }, { "db": "JVNDB", "id": "JVNDB-2019-004875" }, { "db": "VULHUB", "id": "VHN-156871" }, { "db": "VULMON", "id": "CVE-2019-5436" }, { "db": "PACKETSTORM", "id": "153051" }, { "db": "PACKETSTORM", "id": "153003" }, { "db": "PACKETSTORM", "id": "158035" }, { "db": "PACKETSTORM", "id": "156523" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "157425" }, { "db": "PACKETSTORM", "id": "156986" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-5436", "trust": 3.3 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2019/09/11/6", "trust": 1.8 }, { "db": "PACKETSTORM", "id": "158035", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "157425", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "156523", "trust": 0.8 }, { "db": "BID", "id": "108435", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-004875", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201905-933", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "153051", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "153003", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1874", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2033", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0651", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1494", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1177", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.1837", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4380", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4780", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3700", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2593", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "156753", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "156986", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "153010", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-156871", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-5436", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159727", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-156871" }, { "db": "VULMON", "id": "CVE-2019-5436" }, { "db": "JVNDB", "id": "JVNDB-2019-004875" }, { "db": "PACKETSTORM", "id": "153051" }, { "db": "PACKETSTORM", "id": "153003" }, { "db": "PACKETSTORM", "id": "158035" }, { "db": "PACKETSTORM", "id": "156523" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "157425" }, { "db": "PACKETSTORM", "id": "156986" }, { "db": "CNNVD", "id": "CNNVD-201905-933" }, { "db": "NVD", "id": "CVE-2019-5436" } ] }, "id": "VAR-201905-0095", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-156871" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T19:40:01.950000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "TFTP receive buffer overflow", "trust": 0.8, "url": "https://curl.haxx.se/docs/cve-2019-5436.html" }, { "title": "Haxx libcurl Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92898" }, { "title": "Red Hat: Low: curl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202505 - security advisory" }, { "title": "Red Hat: Low: curl security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201020 - security advisory" }, { "title": "Red Hat: Moderate: curl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20201792 - security advisory" }, { "title": "Ubuntu Security Notice: curl vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3993-2" }, { "title": "Ubuntu Security Notice: curl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3993-1" }, { "title": "Debian CVElist Bug Report Logs: curl: CVE-2019-5436: TFTP receive buffer overflow", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=af8cb489ed21fcca996e119afe1e5163" }, { "title": "Debian CVElist Bug Report Logs: curl: CVE-2019-5435: Integer overflows in curl_url_set", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fae65389c96796d30251ace6eb631de7" }, { "title": "Arch Linux Advisories: [ASA-201905-16] curl: arbitrary code execution", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201905-16" }, { "title": "Debian Security Advisories: DSA-4633-1 curl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=13ee33e4932409d819a833a7d96f2574" }, { "title": "Arch Linux Advisories: [ASA-201905-12] libcurl-gnutls: arbitrary code execution", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201905-12" }, { "title": "Arch Linux Advisories: [ASA-201905-11] libcurl-compat: arbitrary code execution", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201905-11" }, { "title": "Amazon Linux AMI: ALAS-2019-1233", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1233" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2019-5436" }, { "title": "Amazon Linux 2: ALAS2-2019-1233", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1233" }, { "title": "Arch Linux Advisories: [ASA-201905-15] lib32-curl: arbitrary code execution", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201905-15" }, { "title": "Arch Linux Advisories: [ASA-201905-14] lib32-libcurl-compat: arbitrary code execution", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201905-14" }, { "title": "Arch Linux Advisories: [ASA-201905-13] lib32-libcurl-gnutls: arbitrary code execution", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201905-13" }, { "title": "Red Hat: Important: Container-native Virtualization security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203194 - security advisory" }, { "title": "Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204298 - security advisory" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d" }, { "title": "cve", "trust": 0.1, "url": "https://github.com/michwqy/cve " }, { "title": "", "trust": 0.1, "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser " } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-5436" }, { "db": "JVNDB", "id": "JVNDB-2019-004875" }, { "db": "CNNVD", "id": "CNNVD-201905-933" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-156871" }, { "db": "JVNDB", "id": "JVNDB-2019-004875" }, { "db": "NVD", "id": "CVE-2019-5436" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5436" }, { "trust": 1.8, "url": "https://seclists.org/bugtraq/2020/feb/36" }, { "trust": 1.8, "url": "https://curl.haxx.se/docs/cve-2019-5436.html" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190606-0004/" }, { "trust": 1.8, "url": "https://support.f5.com/csp/article/k55133295" }, { "trust": 1.8, "url": "https://www.debian.org/security/2020/dsa-4633" }, { "trust": 1.8, "url": "https://security.gentoo.org/glsa/202003-29" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.8, "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "trust": 1.8, "url": "http://www.openwall.com/lists/oss-security/2019/09/11/6" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/108435" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/smg3v4vtx2se3ew3hqtn3ddlqbtorqc2/" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k55133295?utm_source=f5support\u0026amp%3butm_medium=rss" }, { "trust": 0.9, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5436" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/smg3v4vtx2se3ew3hqtn3ddlqbtorqc2/" }, { "trust": 0.6, "url": "https://usn.ubuntu.com/3993-2" }, { "trust": 0.6, "url": "https://usn.ubuntu.com/3993-1" }, { "trust": 0.6, "url": "https://seclists.org/oss-sec/2019/q2/124" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2019-5436cve-2019-5436curl:tftpreceiveheapbufferoverflowintftp_receive_packet()function" }, { "trust": 0.6, "url": "http://curl.haxx.se/" }, { "trust": 0.6, "url": "https://support.f5.com/csp/article/k55133295?utm_source=f5support\u0026utm_medium=rss" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1108041" }, { "trust": 0.6, "url": "https://usn.ubuntu.com/3993-1/" }, { "trust": 0.6, "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00036.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3700/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156523/debian-security-advisory-4633-1.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-switch-firmware-products-are-affected-by-a-vulnerability-in-libcurl-cve-2019-5436/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1143490" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2593/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/153003/ubuntu-security-notice-usn-3993-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2033/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.1874/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0651/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4780/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-libcurl-affects-the-os-image-for-redhat-enterprise-linux-for-ibm-cloud-pak-system-cve-2019-5436/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/curl-multiple-vulnerabilities-29382" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4380/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.1837/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/153051/slackware-security-advisory-curl-updates.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157425/red-hat-security-advisory-2020-1792-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1494/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1177/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-a-vulnerability-in-libcurl-cve-2019-5436/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156753/gentoo-linux-security-advisory-202003-29.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158035/red-hat-security-advisory-2020-2505-01.html" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-5436" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:2505" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5435" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#low" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5481" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-5482" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-5481" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://support.f5.com/csp/article/k55133295?utm_source=f5support\u0026amp;amp;utm_medium=rss" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=60232" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/3993-2/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5435" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/curl/7.61.0-1ubuntu2.4" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.7" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/curl/7.64.0-2ubuntu1.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.13" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3993-1" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/curl" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8768" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20852" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8535" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10743" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20657" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19126" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1712" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8518" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12448" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8611" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8203" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6251" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8676" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-9251" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17451" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20060" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11070" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7150" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1547" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7664" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8607" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12052" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14973" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8623" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15366" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8594" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8690" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20060" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13752" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8601" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3822" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11324" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19925" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3823" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7146" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1010204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11324" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11236" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8524" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-10739" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-16890" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8536" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8686" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8671" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8544" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12049" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8571" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-19519" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2013-0169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8677" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-18624" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8595" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13753" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11459" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12447" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8679" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12795" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20657" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5094" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3844" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20852" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12450" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20483" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14336" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8619" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4298" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8622" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1010180" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7598" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8681" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3825" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-18074" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6237" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-6706" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20483" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20337" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8673" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8559" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8687" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13822" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19923" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16769" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8672" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11023" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14822" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14404" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8608" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7662" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8615" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12449" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7665" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8666" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8457" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5953" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8689" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15847" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14498" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8735" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11236" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19924" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8586" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12245" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14404" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8726" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8596" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8696" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8610" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18408" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13636" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1563" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16890" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11070" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14498" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-7149" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16056" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10739" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20337" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18074" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11110" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8584" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19959" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8675" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8563" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10531" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13232" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14040" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12449" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10715" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8609" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9283" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8587" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-18751" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8506" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18624" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11022" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8583" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-9251" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12448" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11008" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11459" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-8597" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1792" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1020" } ], "sources": [ { "db": "VULHUB", "id": "VHN-156871" }, { "db": "VULMON", "id": "CVE-2019-5436" }, { "db": "JVNDB", "id": "JVNDB-2019-004875" }, { "db": "PACKETSTORM", "id": "153051" }, { "db": "PACKETSTORM", "id": "153003" }, { "db": "PACKETSTORM", "id": "158035" }, { "db": "PACKETSTORM", "id": "156523" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "157425" }, { "db": "PACKETSTORM", "id": "156986" }, { "db": "CNNVD", "id": "CNNVD-201905-933" }, { "db": "NVD", "id": "CVE-2019-5436" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-156871" }, { "db": "VULMON", "id": "CVE-2019-5436" }, { "db": "JVNDB", "id": "JVNDB-2019-004875" }, { "db": "PACKETSTORM", "id": "153051" }, { "db": "PACKETSTORM", "id": "153003" }, { "db": "PACKETSTORM", "id": "158035" }, { "db": "PACKETSTORM", "id": "156523" }, { "db": "PACKETSTORM", "id": "159727" }, { "db": "PACKETSTORM", "id": "157425" }, { "db": "PACKETSTORM", "id": "156986" }, { "db": "CNNVD", "id": "CNNVD-201905-933" }, { "db": "NVD", "id": "CVE-2019-5436" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-28T00:00:00", "db": "VULHUB", "id": "VHN-156871" }, { "date": "2019-05-28T00:00:00", "db": "VULMON", "id": "CVE-2019-5436" }, { "date": "2019-06-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-004875" }, { "date": "2019-05-23T16:31:30", "db": "PACKETSTORM", "id": "153051" }, { "date": "2019-05-22T14:39:56", "db": "PACKETSTORM", "id": "153003" }, { "date": "2020-06-11T16:34:00", "db": "PACKETSTORM", "id": "158035" }, { "date": "2020-02-25T15:20:44", "db": "PACKETSTORM", "id": "156523" }, { "date": "2020-10-27T16:59:02", "db": "PACKETSTORM", "id": "159727" }, { "date": "2020-04-28T20:19:57", "db": "PACKETSTORM", "id": "157425" }, { "date": "2020-03-31T19:42:22", "db": "PACKETSTORM", "id": "156986" }, { "date": "2019-05-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-933" }, { "date": "2019-05-28T19:29:06.127000", "db": "NVD", "id": "CVE-2019-5436" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-10-20T00:00:00", "db": "VULHUB", "id": "VHN-156871" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2019-5436" }, { "date": "2019-06-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-004875" }, { "date": "2021-03-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201905-933" }, { "date": "2023-11-07T03:11:35.247000", "db": "NVD", "id": "CVE-2019-5436" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-933" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "libcurl Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-004875" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201905-933" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.