var-202010-0251
Vulnerability from variot

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. Network Security Services (NSS) Exists in an inadequate validation of data reliability vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state.

Bug Fix(es):

  • Gather image registry config (backport to 4.3) (BZ#1836815)

  • Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist (BZ#1849176)

  • Login with OpenShift not working after cluster upgrade (BZ#1852429)

  • Limit the size of gathered federated metrics from alerts in Insights Operator (BZ#1874018)

  • [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs (BZ#1879110)

  • [release 4.3] OpenShift APIs become unavailable for more than 15 minutes after one of master nodes went down(OAuth) (BZ#1880293)

You may download the oc tool and use it to inspect release image metadata as follows:

(For x86_64 architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-x86_64

The image digest is sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc

(For s390x architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-s390x The image digest is sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64

(For ppc64le architecture)

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le

The image digest is sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc

  1. Solution:

For OpenShift Container Platform 4.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel ease-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.3/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):

1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1836815 - Gather image registry config (backport to 4.3) 1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist 1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator 1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized 1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs

Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Bugs fixed (https://bugzilla.redhat.com/):

1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values

  1. Description:

Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.

This advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):

1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash

  1. Description:

Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks.

The advisory addresses the following issues:

  • Re-release of odo-init-image 1.1.3 for security updates

  • Solution:

Download and install a new CLI binary by following the instructions linked from the References section. Bugs fixed (https://bugzilla.redhat.com/):

1832983 - Release of 1.1.3 odo-init-image

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: nss and nss-softokn security update Advisory ID: RHSA-2021:0876-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0876 Issue date: 2021-03-16 CVE Names: CVE-2019-11756 CVE-2019-17006 CVE-2019-17007 CVE-2020-12403 ==================================================================== 1. Summary:

An update for nss and nss-softokn is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

  1. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es):

  • nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)

  • nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)

  • nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS (CVE-2019-17007)

  • nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1703979 - CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS 1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting 1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives 1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read

  1. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):

Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm

x86_64: nss-3.36.0-9.el7_6.i686.rpm nss-3.36.0-9.el7_6.x86_64.rpm nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-softokn-3.36.0-7.el7_6.i686.rpm nss-softokn-3.36.0-7.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm nss-sysinit-3.36.0-9.el7_6.x86_64.rpm nss-tools-3.36.0-9.el7_6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):

x86_64: nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-devel-3.36.0-9.el7_6.i686.rpm nss-devel-3.36.0-9.el7_6.x86_64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm nss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.6):

Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm

ppc64: nss-3.36.0-9.el7_6.ppc.rpm nss-3.36.0-9.el7_6.ppc64.rpm nss-debuginfo-3.36.0-9.el7_6.ppc.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64.rpm nss-devel-3.36.0-9.el7_6.ppc.rpm nss-devel-3.36.0-9.el7_6.ppc64.rpm nss-softokn-3.36.0-7.el7_6.ppc.rpm nss-softokn-3.36.0-7.el7_6.ppc64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64.rpm nss-sysinit-3.36.0-9.el7_6.ppc64.rpm nss-tools-3.36.0-9.el7_6.ppc64.rpm

ppc64le: nss-3.36.0-9.el7_6.ppc64le.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-devel-3.36.0-9.el7_6.ppc64le.rpm nss-softokn-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm nss-sysinit-3.36.0-9.el7_6.ppc64le.rpm nss-tools-3.36.0-9.el7_6.ppc64le.rpm

s390x: nss-3.36.0-9.el7_6.s390.rpm nss-3.36.0-9.el7_6.s390x.rpm nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-devel-3.36.0-9.el7_6.s390.rpm nss-devel-3.36.0-9.el7_6.s390x.rpm nss-softokn-3.36.0-7.el7_6.s390.rpm nss-softokn-3.36.0-7.el7_6.s390x.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm nss-softokn-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-devel-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm nss-sysinit-3.36.0-9.el7_6.s390x.rpm nss-tools-3.36.0-9.el7_6.s390x.rpm

x86_64: nss-3.36.0-9.el7_6.i686.rpm nss-3.36.0-9.el7_6.x86_64.rpm nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-devel-3.36.0-9.el7_6.i686.rpm nss-devel-3.36.0-9.el7_6.x86_64.rpm nss-softokn-3.36.0-7.el7_6.i686.rpm nss-softokn-3.36.0-7.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm nss-sysinit-3.36.0-9.el7_6.x86_64.rpm nss-tools-3.36.0-9.el7_6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm

aarch64: nss-3.36.0-9.el7_6.aarch64.rpm nss-debuginfo-3.36.0-9.el7_6.aarch64.rpm nss-devel-3.36.0-9.el7_6.aarch64.rpm nss-softokn-3.36.0-7.el7_6.aarch64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.aarch64.rpm nss-softokn-devel-3.36.0-7.el7_6.aarch64.rpm nss-softokn-freebl-3.36.0-7.el7_6.aarch64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.aarch64.rpm nss-sysinit-3.36.0-9.el7_6.aarch64.rpm nss-tools-3.36.0-9.el7_6.aarch64.rpm

ppc64le: nss-3.36.0-9.el7_6.ppc64le.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-devel-3.36.0-9.el7_6.ppc64le.rpm nss-softokn-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm nss-sysinit-3.36.0-9.el7_6.ppc64le.rpm nss-tools-3.36.0-9.el7_6.ppc64le.rpm

s390x: nss-3.36.0-9.el7_6.s390.rpm nss-3.36.0-9.el7_6.s390x.rpm nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-devel-3.36.0-9.el7_6.s390.rpm nss-devel-3.36.0-9.el7_6.s390x.rpm nss-softokn-3.36.0-7.el7_6.s390.rpm nss-softokn-3.36.0-7.el7_6.s390x.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm nss-softokn-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-devel-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm nss-sysinit-3.36.0-9.el7_6.s390x.rpm nss-tools-3.36.0-9.el7_6.s390x.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.6):

ppc64: nss-debuginfo-3.36.0-9.el7_6.ppc.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64.rpm

ppc64le: nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm

s390x: nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm

x86_64: nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm nss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64: nss-debuginfo-3.36.0-9.el7_6.aarch64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.aarch64.rpm

ppc64le: nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm

s390x: nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17007 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYFDHndzjgjWX9erEAQhc7BAAkp67Ydt2JQVRfRhv2NUd0sjnWReLTvdP jCz5vIgKz8JIgmz/bc5I1MR8ZCSObdbsUEiv0exapuYneLNru//0dMGL2dv7Fkn5 Em5+ZuvLuDUq9id8TOOd5igNjBeJGKy4dJV46AXtgUHARHbiU5jcmOcCetkBY09J o0bK4wDc6YjvUBANaAQH/sWznAT+BNmtOeF00seAbIgic0m76HidFSQzcq8I+vtm mttqgZvz3+xYitS/63Z4AQofI3VFGX46CHZxekI7N1hIpML7QjiZw4gk8QgdpRWn wLtr661MIse/iS0l+4ZvQoWx5diuVwXudfGmisEXhsWtx79m8JSFNavmxSK9dvJ5 5F6K275OTX2W1GSUgU4IrKxWaLoBPQlC4yT36c4827qosGBjgufGyExgmqnTyQyR iobqDMUHq5RgjNsHNCzrm7CKAgwTUgyuN5QLoXwOsqxPfMt1uL8TI1Q5ULyuPJ+b 8IxbIPGgCZM/haNchD9Xoo1rDieT1JOtQNTfknss91AIQZH30n7i6F6/l8K7GJ16 1sFPnNI7aISjvhu/+jfgNpkoFi6Qyda5a8jSceWpY1yf83/jsxVpKMqgcoTf416z IFzoYxQqa0AM1efVfgtL1vnoAXw8yPt0PjXfcMUYWltIGbgO15L/hJZ6bCUu8FT6 BbaFUBBSJpw=m1vv -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:

For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

4

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202010-0251",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "network security services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "3.46"
      },
      {
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "hci compute node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "hci storage node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "network security services",
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": "hci management node",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "solidfire",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "hci compute node",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "hci storage node",
        "scope": null,
        "trust": 0.8,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016070"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_mx5000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.14.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1400_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.14.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.14.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1501_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.14.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1510_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.14.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1511_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.14.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx1512_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.14.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rox_rx5000_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.14.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.46",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "159661"
      },
      {
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "db": "PACKETSTORM",
        "id": "162130"
      },
      {
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "db": "PACKETSTORM",
        "id": "161916"
      },
      {
        "db": "PACKETSTORM",
        "id": "161842"
      },
      {
        "db": "PACKETSTORM",
        "id": "159552"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2019-17006",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2019-17006",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-17006",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-17006",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-1134",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-17006",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016070"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. Network Security Services (NSS) Exists in an inadequate validation of data reliability vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. \n\nBug Fix(es):\n\n* Gather image registry config (backport to 4.3) (BZ#1836815)\n\n* Builds fail after running postCommit script if OCP cluster is configured\nwith a container registry whitelist (BZ#1849176)\n\n* Login with OpenShift not working after cluster upgrade (BZ#1852429)\n\n* Limit the size of gathered federated metrics from alerts in Insights\nOperator (BZ#1874018)\n\n* [4.3] Storage operator stops reconciling when going Upgradeable=False on\nv1alpha1 CRDs (BZ#1879110)\n\n* [release 4.3] OpenShift APIs become unavailable for more than 15 minutes\nafter one of master nodes went down(OAuth) (BZ#1880293)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-x86_64\n\nThe image digest is\nsha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc\n\n(For s390x architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-s390x\nThe image digest is\nsha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64\n\n(For ppc64le architecture)\n\n  $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le\n\nThe image digest is\nsha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc\n\n3. Solution:\n\nFor OpenShift Container Platform 4.3 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.3/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1836815 - Gather image registry config (backport to 4.3)\n1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist\n1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator\n1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized\n1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs\n\n5. \n\nAnsible Automation Platform manages Ansible Platform jobs and workflows\nthat can interface with any infrastructure on a Red Hat OpenShift Container\nPlatform cluster, or on a traditional infrastructure that is running\noff-cluster. Bugs fixed (https://bugzilla.redhat.com/):\n\n1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module\n1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values\n1916813 - CVE-2021-20191 ansible: multiple modules expose secured values\n1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option\n1939349 - CVE-2021-3447 ansible: multiple modules expose secured values\n\n5. Description:\n\nRed Hat 3scale API Management delivers centralized API management features\nthrough a distributed, cloud-hosted layer. It includes built-in features to\nhelp in building a more successful API program, including access control,\nrate limits, payment gateway integration, and developer experience tools. \n\nThis advisory is intended to use with container images for Red Hat 3scale\nAPI Management 2.10.0. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n\n5. Description:\n\nRed Hat OpenShift Do (odo) is a simple CLI tool for developers to create,\nbuild, and deploy applications on OpenShift. The odo tool is completely\nclient-based and requires no server within the OpenShift cluster for\ndeployment. It detects changes to local code and deploys it to the cluster\nautomatically, giving instant feedback to validate changes in real-time. It\nsupports multiple programming languages and frameworks. \n\nThe advisory addresses the following issues:\n\n* Re-release of odo-init-image 1.1.3 for security updates\n\n3. Solution:\n\nDownload and install a new CLI binary by following the instructions linked\nfrom the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1832983 - Release of 1.1.3 odo-init-image\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: nss and nss-softokn security update\nAdvisory ID:       RHSA-2021:0876-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:0876\nIssue date:        2021-03-16\nCVE Names:         CVE-2019-11756 CVE-2019-17006 CVE-2019-17007\n                   CVE-2020-12403\n====================================================================\n1. Summary:\n\nAn update for nss and nss-softokn is now available for Red Hat Enterprise\nLinux 7.6 Extended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. \n\nSecurity Fix(es):\n\n* nss: Use-after-free in sftk_FreeSession due to improper refcounting\n(CVE-2019-11756)\n\n* nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)\n\n* nss: Handling of Netscape Certificate Sequences in\nCERT_DecodeCertPackage() may crash with a NULL deref leading to DoS\n(CVE-2019-17007)\n\n* nss: CHACHA20-POLY1305 decryption with undersized tag leads to\nout-of-bounds read (CVE-2020-12403)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, applications using NSS (for example, Firefox)\nmust be restarted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1703979 - CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS\n1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting\n1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives\n1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read\n\n6. Package List:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.6):\n\nSource:\nnss-3.36.0-9.el7_6.src.rpm\nnss-softokn-3.36.0-7.el7_6.src.rpm\n\nx86_64:\nnss-3.36.0-9.el7_6.i686.rpm\nnss-3.36.0-9.el7_6.x86_64.rpm\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-softokn-3.36.0-7.el7_6.i686.rpm\nnss-softokn-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm\nnss-sysinit-3.36.0-9.el7_6.x86_64.rpm\nnss-tools-3.36.0-9.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):\n\nx86_64:\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-devel-3.36.0-9.el7_6.i686.rpm\nnss-devel-3.36.0-9.el7_6.x86_64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nnss-3.36.0-9.el7_6.src.rpm\nnss-softokn-3.36.0-7.el7_6.src.rpm\n\nppc64:\nnss-3.36.0-9.el7_6.ppc.rpm\nnss-3.36.0-9.el7_6.ppc64.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64.rpm\nnss-devel-3.36.0-9.el7_6.ppc.rpm\nnss-devel-3.36.0-9.el7_6.ppc64.rpm\nnss-softokn-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64.rpm\nnss-sysinit-3.36.0-9.el7_6.ppc64.rpm\nnss-tools-3.36.0-9.el7_6.ppc64.rpm\n\nppc64le:\nnss-3.36.0-9.el7_6.ppc64le.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-devel-3.36.0-9.el7_6.ppc64le.rpm\nnss-softokn-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-sysinit-3.36.0-9.el7_6.ppc64le.rpm\nnss-tools-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-3.36.0-9.el7_6.s390.rpm\nnss-3.36.0-9.el7_6.s390x.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-devel-3.36.0-9.el7_6.s390.rpm\nnss-devel-3.36.0-9.el7_6.s390x.rpm\nnss-softokn-3.36.0-7.el7_6.s390.rpm\nnss-softokn-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm\nnss-sysinit-3.36.0-9.el7_6.s390x.rpm\nnss-tools-3.36.0-9.el7_6.s390x.rpm\n\nx86_64:\nnss-3.36.0-9.el7_6.i686.rpm\nnss-3.36.0-9.el7_6.x86_64.rpm\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-devel-3.36.0-9.el7_6.i686.rpm\nnss-devel-3.36.0-9.el7_6.x86_64.rpm\nnss-softokn-3.36.0-7.el7_6.i686.rpm\nnss-softokn-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm\nnss-sysinit-3.36.0-9.el7_6.x86_64.rpm\nnss-tools-3.36.0-9.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nnss-3.36.0-9.el7_6.src.rpm\nnss-softokn-3.36.0-7.el7_6.src.rpm\n\naarch64:\nnss-3.36.0-9.el7_6.aarch64.rpm\nnss-debuginfo-3.36.0-9.el7_6.aarch64.rpm\nnss-devel-3.36.0-9.el7_6.aarch64.rpm\nnss-softokn-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.aarch64.rpm\nnss-sysinit-3.36.0-9.el7_6.aarch64.rpm\nnss-tools-3.36.0-9.el7_6.aarch64.rpm\n\nppc64le:\nnss-3.36.0-9.el7_6.ppc64le.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-devel-3.36.0-9.el7_6.ppc64le.rpm\nnss-softokn-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-sysinit-3.36.0-9.el7_6.ppc64le.rpm\nnss-tools-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-3.36.0-9.el7_6.s390.rpm\nnss-3.36.0-9.el7_6.s390x.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-devel-3.36.0-9.el7_6.s390.rpm\nnss-devel-3.36.0-9.el7_6.s390x.rpm\nnss-softokn-3.36.0-7.el7_6.s390.rpm\nnss-softokn-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm\nnss-sysinit-3.36.0-9.el7_6.s390x.rpm\nnss-tools-3.36.0-9.el7_6.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.6):\n\nppc64:\nnss-debuginfo-3.36.0-9.el7_6.ppc.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc64.rpm\n\nppc64le:\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm\n\nx86_64:\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nnss-debuginfo-3.36.0-9.el7_6.aarch64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.aarch64.rpm\n\nppc64le:\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-11756\nhttps://access.redhat.com/security/cve/CVE-2019-17006\nhttps://access.redhat.com/security/cve/CVE-2019-17007\nhttps://access.redhat.com/security/cve/CVE-2020-12403\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYFDHndzjgjWX9erEAQhc7BAAkp67Ydt2JQVRfRhv2NUd0sjnWReLTvdP\njCz5vIgKz8JIgmz/bc5I1MR8ZCSObdbsUEiv0exapuYneLNru//0dMGL2dv7Fkn5\nEm5+ZuvLuDUq9id8TOOd5igNjBeJGKy4dJV46AXtgUHARHbiU5jcmOcCetkBY09J\no0bK4wDc6YjvUBANaAQH/sWznAT+BNmtOeF00seAbIgic0m76HidFSQzcq8I+vtm\nmttqgZvz3+xYitS/63Z4AQofI3VFGX46CHZxekI7N1hIpML7QjiZw4gk8QgdpRWn\nwLtr661MIse/iS0l+4ZvQoWx5diuVwXudfGmisEXhsWtx79m8JSFNavmxSK9dvJ5\n5F6K275OTX2W1GSUgU4IrKxWaLoBPQlC4yT36c4827qosGBjgufGyExgmqnTyQyR\niobqDMUHq5RgjNsHNCzrm7CKAgwTUgyuN5QLoXwOsqxPfMt1uL8TI1Q5ULyuPJ+b\n8IxbIPGgCZM/haNchD9Xoo1rDieT1JOtQNTfknss91AIQZH30n7i6F6/l8K7GJ16\n1sFPnNI7aISjvhu/+jfgNpkoFi6Qyda5a8jSceWpY1yf83/jsxVpKMqgcoTf416z\nIFzoYxQqa0AM1efVfgtL1vnoAXw8yPt0PjXfcMUYWltIGbgO15L/hJZ6bCUu8FT6\nBbaFUBBSJpw=m1vv\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016070"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "PACKETSTORM",
        "id": "159661"
      },
      {
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "db": "PACKETSTORM",
        "id": "162130"
      },
      {
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "db": "PACKETSTORM",
        "id": "161916"
      },
      {
        "db": "PACKETSTORM",
        "id": "161842"
      },
      {
        "db": "PACKETSTORM",
        "id": "159552"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-17006",
        "trust": 3.2
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-040-04",
        "trust": 2.5
      },
      {
        "db": "SIEMENS",
        "id": "SSA-379803",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016070",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "159661",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "162142",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "162130",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "159553",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "161916",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "161842",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0491",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3355",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3535",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2604",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2650",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0072",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0933",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3461",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1193",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0053",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0834",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2446",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0986",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0136",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0001",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3631",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1091",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1207",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "159396",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "161706",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "158724",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "159497",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "155889",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "162026",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021071301",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021043017",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-17006",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159552",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016070"
      },
      {
        "db": "PACKETSTORM",
        "id": "159661"
      },
      {
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "db": "PACKETSTORM",
        "id": "162130"
      },
      {
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "db": "PACKETSTORM",
        "id": "161916"
      },
      {
        "db": "PACKETSTORM",
        "id": "161842"
      },
      {
        "db": "PACKETSTORM",
        "id": "159552"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "id": "VAR-202010-0251",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.52540106
  },
  "last_update_date": "2024-07-23T20:13:10.179000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NTAP-20210129-0001 Siemens Siemens\u00a0Security\u00a0Advisory",
        "trust": 0.8,
        "url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.46_release_notes"
      },
      {
        "title": "Mozilla Network Security Services Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105845"
      },
      {
        "title": "Ubuntu Security Notice: nss vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-4231-1"
      },
      {
        "title": "Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203280 - security advisory"
      },
      {
        "title": "IBM: Security Bulletin:  A security vulnerabilitiy has been fixed in IBM Security Identity Manager Virtual Appliance(CVE-2019-17006)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a91447c5697ecfb6bbab6f4cf67cb949"
      },
      {
        "title": "Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204076 - security advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4726-1 nss -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2610caa3eacc40f97585be7c579718bd"
      },
      {
        "title": "Red Hat: Low: OpenShift Virtualization 2.4.2 Images",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204201 - security advisory"
      },
      {
        "title": "IBM: Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=52844442ae85845bde006e7f0170408e"
      },
      {
        "title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204255 - security advisory"
      },
      {
        "title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204254 - security advisory"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=409c1cd1b8ef401020956950fd839000"
      },
      {
        "title": "Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204264 - security advisory"
      },
      {
        "title": "zot",
        "trust": 0.1,
        "url": "https://github.com/anuvu/zot "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016070"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "Inadequate verification of data reliability (CWE-345) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016070"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
      },
      {
        "trust": 2.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
      },
      {
        "trust": 1.7,
        "url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.46_release_notes"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-17006"
      },
      {
        "trust": 0.7,
        "url": "https://usn.ubuntu.com/4231-1/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2020-12403"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-11756"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-12749"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-17023"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-6829"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-20388"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-12243"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-17498"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-7595"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-5094"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-19956"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-12400"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-11727"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-15903"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2018-20843"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-12402"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-12401"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-11719"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-14866"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2019-5188"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193395-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.debian.org/lts/security/2020/dla-2058"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200088-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3535/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155889/ubuntu-security-notice-usn-4231-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159396/red-hat-security-advisory-2020-4076-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0072/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0136/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1207"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0834"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0933"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilitiy-has-been-fixed-in-ibm-security-identity-manager-virtual-appliancecve-2019-17006/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-and-nspr-cve-2019-17006/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3355/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1091"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1193"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159497/red-hat-security-advisory-2020-4201-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-7/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0986"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/mozilla-nss-buffer-overflow-via-cryptographic-primitives-31248"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0053/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021071301"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158724/red-hat-security-advisory-2020-3280-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2650/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0001/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0491"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161706/red-hat-security-advisory-2021-0758-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2446/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159661/red-hat-security-advisory-2020-4264-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021043017"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403-2/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161842/red-hat-security-advisory-2021-0876-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3461/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3631/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-mozilla-firefox-vulnerabilities/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162026/red-hat-security-advisory-2021-1026-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-19126"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-14973"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-17546"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2017-12652"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126"
      },
      {
        "trust": 0.4,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-5482"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-16935"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-12450"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-20386"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14822"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14822"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-20907"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-8177"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-1971"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-5313"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-9283"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1240"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-18874"
      },
      {
        "trust": 0.2,
        "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18874"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14365"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/345.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111311"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4264"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-2974"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18197"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18197"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2226"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2780"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2974"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2752"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2574"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14352"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2225"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8492"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12825"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18190"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8696"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2181"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2182"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.3/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8675"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-18190"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24750"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2224"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11068"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-2812"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1079"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8625"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15999"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20228"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3156"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3447"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-5313"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20191"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20180"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15999"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14422"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25211"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1129"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25645"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25656"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28374"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14351"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29661"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20265"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-0427"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14351"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19532"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12723"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7053"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19532"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4255"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0949"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8177"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.4/cli_reference/openshift_developer_cli/installing-odo.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7595"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6829"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17007"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17007"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4254"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016070"
      },
      {
        "db": "PACKETSTORM",
        "id": "159661"
      },
      {
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "db": "PACKETSTORM",
        "id": "162130"
      },
      {
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "db": "PACKETSTORM",
        "id": "161916"
      },
      {
        "db": "PACKETSTORM",
        "id": "161842"
      },
      {
        "db": "PACKETSTORM",
        "id": "159552"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016070"
      },
      {
        "db": "PACKETSTORM",
        "id": "159661"
      },
      {
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "db": "PACKETSTORM",
        "id": "162130"
      },
      {
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "db": "PACKETSTORM",
        "id": "161916"
      },
      {
        "db": "PACKETSTORM",
        "id": "161842"
      },
      {
        "db": "PACKETSTORM",
        "id": "159552"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "date": "2021-05-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-016070"
      },
      {
        "date": "2020-10-21T15:40:32",
        "db": "PACKETSTORM",
        "id": "159661"
      },
      {
        "date": "2021-04-09T15:06:13",
        "db": "PACKETSTORM",
        "id": "162142"
      },
      {
        "date": "2021-04-08T14:00:00",
        "db": "PACKETSTORM",
        "id": "162130"
      },
      {
        "date": "2020-10-14T16:52:18",
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "date": "2021-03-22T15:36:55",
        "db": "PACKETSTORM",
        "id": "161916"
      },
      {
        "date": "2021-03-17T14:35:53",
        "db": "PACKETSTORM",
        "id": "161842"
      },
      {
        "date": "2020-10-14T16:52:12",
        "db": "PACKETSTORM",
        "id": "159552"
      },
      {
        "date": "2019-12-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      },
      {
        "date": "2020-10-22T21:15:12.560000",
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "date": "2021-05-12T08:27:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-016070"
      },
      {
        "date": "2021-08-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      },
      {
        "date": "2021-07-21T11:39:23.747000",
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Network\u00a0Security\u00a0Services\u00a0 Vulnerability for inadequate validation of data reliability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016070"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "data forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.