var-202001-1433
Vulnerability from variot
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out-of-bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Firefox and Thunderbird contain an out-of-bounds write vulnerability. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may result.
====================================================================
Red Hat Security Advisory
Synopsis: Important: nss-softokn security update
Advisory ID: RHSA-2020:1267-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1267
Issue date: 2020-04-01
CVE Names: CVE-2018-0495 CVE-2019-11745
====================================================================
1. Summary:
An update for nss-softokn is now available for Red Hat Enterprise Linux 7.5 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.5) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64, ppc64le, s390x, x86_64
3. Description:
The nss-softokn package provides the Network Security Services Softoken Cryptographic Module.
Security Fix(es):
- nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)
- ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1591163 - CVE-2018-0495 ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries
1774831 - CVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
6. Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.5):
Source: nss-softokn-3.36.0-6.el7_5.src.rpm
x86_64: nss-softokn-3.36.0-6.el7_5.i686.rpm nss-softokn-3.36.0-6.el7_5.x86_64.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.i686.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.x86_64.rpm nss-softokn-freebl-3.36.0-6.el7_5.i686.rpm nss-softokn-freebl-3.36.0-6.el7_5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5):
x86_64: nss-softokn-debuginfo-3.36.0-6.el7_5.i686.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.x86_64.rpm nss-softokn-devel-3.36.0-6.el7_5.i686.rpm nss-softokn-devel-3.36.0-6.el7_5.x86_64.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.i686.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: nss-softokn-3.36.0-6.el7_5.src.rpm
ppc64: nss-softokn-3.36.0-6.el7_5.ppc.rpm nss-softokn-3.36.0-6.el7_5.ppc64.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.ppc.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.ppc64.rpm nss-softokn-devel-3.36.0-6.el7_5.ppc.rpm nss-softokn-devel-3.36.0-6.el7_5.ppc64.rpm nss-softokn-freebl-3.36.0-6.el7_5.ppc.rpm nss-softokn-freebl-3.36.0-6.el7_5.ppc64.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.ppc.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.ppc64.rpm
ppc64le: nss-softokn-3.36.0-6.el7_5.ppc64le.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.ppc64le.rpm nss-softokn-devel-3.36.0-6.el7_5.ppc64le.rpm nss-softokn-freebl-3.36.0-6.el7_5.ppc64le.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.ppc64le.rpm
s390x: nss-softokn-3.36.0-6.el7_5.s390.rpm nss-softokn-3.36.0-6.el7_5.s390x.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.s390.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.s390x.rpm nss-softokn-devel-3.36.0-6.el7_5.s390.rpm nss-softokn-devel-3.36.0-6.el7_5.s390x.rpm nss-softokn-freebl-3.36.0-6.el7_5.s390.rpm nss-softokn-freebl-3.36.0-6.el7_5.s390x.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.s390.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.s390x.rpm
x86_64: nss-softokn-3.36.0-6.el7_5.i686.rpm nss-softokn-3.36.0-6.el7_5.x86_64.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.i686.rpm nss-softokn-debuginfo-3.36.0-6.el7_5.x86_64.rpm nss-softokn-devel-3.36.0-6.el7_5.i686.rpm nss-softokn-devel-3.36.0-6.el7_5.x86_64.rpm nss-softokn-freebl-3.36.0-6.el7_5.i686.rpm nss-softokn-freebl-3.36.0-6.el7_5.x86_64.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.i686.rpm nss-softokn-freebl-devel-3.36.0-6.el7_5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-0495
https://access.redhat.com/security/cve/CVE-2019-11745
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
Background
The Mozilla Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates.
7.4) - x86_64
==========================================================================
Ubuntu Security Notice USN-4241-1
January 16, 2020
thunderbird vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Thunderbird. (CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026)
It was discovered that NSS incorrectly handled certain memory operations. (CVE-2019-11745)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10: thunderbird 1:68.4.1+build1-0ubuntu0.19.10.1
Ubuntu 18.04 LTS: thunderbird 1:68.4.1+build1-0ubuntu0.18.04.1
After a standard system update you need to restart Thunderbird to make all the necessary changes.
8.0) - ppc64le, x86_64
3. Description:
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202003-10
https://security.gentoo.org/
Severity: High
Title: Mozilla Thunderbird: Multiple vulnerabilities
Date: March 14, 2020
Bugs: #698516, #702638, #709350, #712518
ID: 202003-10
Synopsis
Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.
Background
Mozilla Thunderbird is a popular open-source email client from the Mozilla project.
Affected packages
-------------------------------------------------------------------
Package                        /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
1  mail-client/thunderbird        < 68.6.0       >= 68.6.0
2  mail-client/thunderbird-bin    < 68.6.0       >= 68.6.0
-------------------------------------------------------------------
2 affected packages
Description
Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.
Impact
A remote attacker may be able to execute arbitrary code, cause a Denial of Service condition, obtain sensitive information, or conduct Cross-Site Request Forgery (CSRF).
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Thunderbird users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-68.6.0"
All Mozilla Thunderbird binary users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-68.6.0"
References
[ 1 ] MFSA-2019-35 https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/
[ 2 ] MFSA-2019-37 https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/
[ 3 ] MFSA-2020-07 https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/
[ 4 ] MFSA-2020-10 https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/
[ 5 ] CVE-2019-11745 https://nvd.nist.gov/vuln/detail/CVE-2019-11745
[ 6 ] CVE-2019-11757 https://nvd.nist.gov/vuln/detail/CVE-2019-11757
[ 7 ] CVE-2019-11759 https://nvd.nist.gov/vuln/detail/CVE-2019-11759
[ 8 ] CVE-2019-11760 https://nvd.nist.gov/vuln/detail/CVE-2019-11760
[ 9 ] CVE-2019-11761 https://nvd.nist.gov/vuln/detail/CVE-2019-11761
[ 10 ] CVE-2019-11762 https://nvd.nist.gov/vuln/detail/CVE-2019-11762
[ 11 ] CVE-2019-11763 https://nvd.nist.gov/vuln/detail/CVE-2019-11763
[ 12 ] CVE-2019-11764 https://nvd.nist.gov/vuln/detail/CVE-2019-11764
[ 13 ] CVE-2019-17005 https://nvd.nist.gov/vuln/detail/CVE-2019-17005
[ 14 ] CVE-2019-17008 https://nvd.nist.gov/vuln/detail/CVE-2019-17008
[ 15 ] CVE-2019-17010 https://nvd.nist.gov/vuln/detail/CVE-2019-17010
[ 16 ] CVE-2019-17011 https://nvd.nist.gov/vuln/detail/CVE-2019-17011
[ 17 ] CVE-2019-17012 https://nvd.nist.gov/vuln/detail/CVE-2019-17012
[ 18 ] CVE-2019-20503 https://nvd.nist.gov/vuln/detail/CVE-2019-20503
[ 19 ] CVE-2020-6792 https://nvd.nist.gov/vuln/detail/CVE-2020-6792
[ 20 ] CVE-2020-6793 https://nvd.nist.gov/vuln/detail/CVE-2020-6793
[ 21 ] CVE-2020-6794 https://nvd.nist.gov/vuln/detail/CVE-2020-6794
[ 22 ] CVE-2020-6795 https://nvd.nist.gov/vuln/detail/CVE-2020-6795
[ 23 ] CVE-2020-6798 https://nvd.nist.gov/vuln/detail/CVE-2020-6798
[ 24 ] CVE-2020-6800 https://nvd.nist.gov/vuln/detail/CVE-2020-6800
[ 25 ] CVE-2020-6805 https://nvd.nist.gov/vuln/detail/CVE-2020-6805
[ 26 ] CVE-2020-6806 https://nvd.nist.gov/vuln/detail/CVE-2020-6806
[ 27 ] CVE-2020-6807 https://nvd.nist.gov/vuln/detail/CVE-2020-6807
[ 28 ] CVE-2020-6811 https://nvd.nist.gov/vuln/detail/CVE-2020-6811
[ 29 ] CVE-2020-6812 https://nvd.nist.gov/vuln/detail/CVE-2020-6812
[ 30 ] CVE-2020-6814 https://nvd.nist.gov/vuln/detail/CVE-2020-6814
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-10
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1433", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "firefox esr", "scope": "lt", "trust": 1.8, "vendor": "mozilla", "version": "68.3" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", 
"version": "18.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "19.10" }, { "model": "ruggedcom rox rx1400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.14.0" }, { "model": "ruggedcom rox rx1512", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.14.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "thunderbird", "scope": "lt", "trust": 1.0, "vendor": "mozilla", "version": "68.3.0" }, { "model": "ruggedcom rox rx1510", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.14.0" }, { "model": "ruggedcom rox rx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.14.0" }, { "model": "firefox", "scope": "lt", "trust": 1.0, "vendor": "mozilla", "version": "71.0" }, { "model": "ruggedcom rox rx1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.14.0" }, { "model": "ruggedcom rox rx1501", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.14.0" }, { "model": "ruggedcom rox rx1511", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.14.0" }, { "model": "ruggedcom rox mx5000", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.14.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.6" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "firefox", "scope": "lt", "trust": 0.8, "vendor": "mozilla", "version": "71" }, { "model": "thunderbird", "scope": "lt", "trust": 0.8, "vendor": "mozilla", "version": "68.3" }, { "model": "leap", "scope": null, "trust": 0.8, "vendor": "opensuse", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013984" }, { "db": "NVD", "id": "CVE-2019-11745" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, 
"cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:mozilla:firefox", "vulnerable": true }, { "cpe22Uri": "cpe:/a:mozilla:firefox_esr", "vulnerable": true }, { "cpe22Uri": "cpe:/a:mozilla:thunderbird", "vulnerable": true }, { "cpe22Uri": "cpe:/o:opensuse_project:leap", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013984" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "157044" }, { "db": "PACKETSTORM", "id": "157142" }, { "db": "PACKETSTORM", "id": "156299" }, { "db": "PACKETSTORM", "id": "156093" } ], "trust": 0.4 }, "cve": "CVE-2019-11745", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2019-11745", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2019-11745", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-11745", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-11745", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-11745", "trust": 0.8, "value": "High" }, { "author": "VULMON", "id": "CVE-2019-11745", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-11745" }, { "db": "JVNDB", "id": "JVNDB-2019-013984" }, { "db": "NVD", "id": "CVE-2019-11745" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71. 
Firefox and Thunderbird Contains an out-of-bounds write vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: nss-softokn security update\nAdvisory ID: RHSA-2020:1267-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:1267\nIssue date: 2020-04-01\nCVE Names: CVE-2018-0495 CVE-2019-11745\n====================================================================\n1. Summary:\n\nAn update for nss-softokn is now available for Red Hat Enterprise Linux 7.5\nExtended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.5) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.5) - ppc64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe nss-softokn package provides the Network Security Services Softoken\nCryptographic Module. \n\nSecurity Fix(es):\n\n* nss: Out-of-bounds write when passing an output buffer smaller than the\nblock size to NSC_EncryptUpdate (CVE-2019-11745)\n\n* ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries\n(CVE-2018-0495)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. 
Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1591163 - CVE-2018-0495 ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries\n1774831 - CVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate\n\n6. Package List:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.5):\n\nSource:\nnss-softokn-3.36.0-6.el7_5.src.rpm\n\nx86_64:\nnss-softokn-3.36.0-6.el7_5.i686.rpm\nnss-softokn-3.36.0-6.el7_5.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-6.el7_5.i686.rpm\nnss-softokn-debuginfo-3.36.0-6.el7_5.x86_64.rpm\nnss-softokn-freebl-3.36.0-6.el7_5.i686.rpm\nnss-softokn-freebl-3.36.0-6.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.5):\n\nx86_64:\nnss-softokn-debuginfo-3.36.0-6.el7_5.i686.rpm\nnss-softokn-debuginfo-3.36.0-6.el7_5.x86_64.rpm\nnss-softokn-devel-3.36.0-6.el7_5.i686.rpm\nnss-softokn-devel-3.36.0-6.el7_5.x86_64.rpm\nnss-softokn-freebl-devel-3.36.0-6.el7_5.i686.rpm\nnss-softokn-freebl-devel-3.36.0-6.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 
7.5):\n\nSource:\nnss-softokn-3.36.0-6.el7_5.src.rpm\n\nppc64:\nnss-softokn-3.36.0-6.el7_5.ppc.rpm\nnss-softokn-3.36.0-6.el7_5.ppc64.rpm\nnss-softokn-debuginfo-3.36.0-6.el7_5.ppc.rpm\nnss-softokn-debuginfo-3.36.0-6.el7_5.ppc64.rpm\nnss-softokn-devel-3.36.0-6.el7_5.ppc.rpm\nnss-softokn-devel-3.36.0-6.el7_5.ppc64.rpm\nnss-softokn-freebl-3.36.0-6.el7_5.ppc.rpm\nnss-softokn-freebl-3.36.0-6.el7_5.ppc64.rpm\nnss-softokn-freebl-devel-3.36.0-6.el7_5.ppc.rpm\nnss-softokn-freebl-devel-3.36.0-6.el7_5.ppc64.rpm\n\nppc64le:\nnss-softokn-3.36.0-6.el7_5.ppc64le.rpm\nnss-softokn-debuginfo-3.36.0-6.el7_5.ppc64le.rpm\nnss-softokn-devel-3.36.0-6.el7_5.ppc64le.rpm\nnss-softokn-freebl-3.36.0-6.el7_5.ppc64le.rpm\nnss-softokn-freebl-devel-3.36.0-6.el7_5.ppc64le.rpm\n\ns390x:\nnss-softokn-3.36.0-6.el7_5.s390.rpm\nnss-softokn-3.36.0-6.el7_5.s390x.rpm\nnss-softokn-debuginfo-3.36.0-6.el7_5.s390.rpm\nnss-softokn-debuginfo-3.36.0-6.el7_5.s390x.rpm\nnss-softokn-devel-3.36.0-6.el7_5.s390.rpm\nnss-softokn-devel-3.36.0-6.el7_5.s390x.rpm\nnss-softokn-freebl-3.36.0-6.el7_5.s390.rpm\nnss-softokn-freebl-3.36.0-6.el7_5.s390x.rpm\nnss-softokn-freebl-devel-3.36.0-6.el7_5.s390.rpm\nnss-softokn-freebl-devel-3.36.0-6.el7_5.s390x.rpm\n\nx86_64:\nnss-softokn-3.36.0-6.el7_5.i686.rpm\nnss-softokn-3.36.0-6.el7_5.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-6.el7_5.i686.rpm\nnss-softokn-debuginfo-3.36.0-6.el7_5.x86_64.rpm\nnss-softokn-devel-3.36.0-6.el7_5.i686.rpm\nnss-softokn-devel-3.36.0-6.el7_5.x86_64.rpm\nnss-softokn-freebl-3.36.0-6.el7_5.i686.rpm\nnss-softokn-freebl-3.36.0-6.el7_5.x86_64.rpm\nnss-softokn-freebl-devel-3.36.0-6.el7_5.i686.rpm\nnss-softokn-freebl-devel-3.36.0-6.el7_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0495\nhttps://access.redhat.com/security/cve/CVE-2019-11745\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXoRSIdzjgjWX9erEAQiVqQ//TH1K6R0uTAuq11Q7PXmGjTPUa2/clEuk\nc008m2G1x4AWmPocvtPpPhKe0BUviGxFtAGTrhJx5f2be2YmRZ+JHFRYwHI3lKM2\nYJjMwSW0vohBhVXudOvG7+cWfbkKt1i0a8N+2IaSH0VcgUEOvhyPVZ/22HwNUeaS\nloPZFyJOJZy76heQNzenvXLj1CRIlkGsxsvr0fxVHqNrNXn/k3jzPfBHtFxbawk1\nQjwkAND/s8x9Qj8T7zby/2NXXi5y8yuI4PksOb2rmyjaPLtcAGujHtHsEGziyinW\nBJAyh7tkMxAcWxxMNEdRAZjVcErp99ZNaa4Ck+u9rEW7vPWYn6EunPnqnL1y9nCZ\nf/ZKICjXVkMqZq8Jp7WOmupmT1fGt1LSUYnJIiyn1u/6fZANh6BzgmR74RkX5OWc\n2QSyU3FcZXT7ttaKtaGslCaT9ZLIn1grKhoTrqTrc1Z9IekJNBBm/5/FIzutNqd/\nD6TIJbH82G03j1DXG2fvsRLfaDu0GTt6HXLEsK0JPlJZeXOwJdrGvJz3XYX1jo2o\nCF1R9lEXhkJXoxXn7e5EJ5Egl04vqqJ16qsWyynolhETK/dUkXf1x4Cdg3HeZ3CB\nm1EgllecBP+OLntAqaHihCzwpZEJaARI/xxKHpYd96KcsfqLtPKcc1uWDFHk64Tk\nrIqDkBJPd4A=xNcH\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nBackground\n==========\n\nThe Mozilla Network Security Service (NSS) is a library implementing\nsecurity features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11,\nPKCS #12, S/MIME and X.509 certificates. 7.4) - x86_64\n\n3. ==========================================================================\nUbuntu Security Notice USN-4241-1\nJanuary 16, 2020\n\nthunderbird vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.10\n- Ubuntu 18.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Thunderbird. 
\n(CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011,\nCVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022,\nCVE-2019-17024, CVE-2019-17026)\n\nIt was discovered that NSS incorrectly handled certain memory operations. (CVE-2019-11745)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.10:\n thunderbird 1:68.4.1+build1-0ubuntu0.19.10.1\n\nUbuntu 18.04 LTS:\n thunderbird 1:68.4.1+build1-0ubuntu0.18.04.1\n\nAfter a standard system update you need to restart Thunderbird to make\nall the necessary changes. 8.0) - ppc64le, x86_64\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202003-10\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Mozilla Thunderbird: Multiple vulnerabilities\n Date: March 14, 2020\n Bugs: #698516, #702638, #709350, #712518\n ID: 202003-10\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mozilla Thunderbird, the\nworst of which could result in the arbitrary execution of code. \n\nBackground\n==========\n\nMozilla Thunderbird is a popular open-source email client from the\nMozilla project. 
\n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 mail-client/thunderbird \u003c 68.6.0 \u003e= 68.6.0\n 2 mail-client/thunderbird-bin\n \u003c 68.6.0 \u003e= 68.6.0\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Mozilla Thunderbird. \nPlease review the CVE identifiers referenced below for details. \n\nImpact\n======\n\nA remote attacker may be able to execute arbitrary code, cause a Denial\nof Service condition, obtain sensitive information, or conduct\nCross-Site Request Forgery (CSRF). \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=mail-client/thunderbird-68.6.0\"\n\nAll Mozilla Thunderbird binary users should upgrade to the latest\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-68.6.0\"\n\nReferences\n==========\n\n[ 1 ] MFSA-2019-35\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/\n[ 2 ] MFSA-2019-37\n https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/\n[ 3 ] MFSA-2020-07\n https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/\n[ 4 ] MFSA-2020-10\n https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/\n[ 5 ] CVE-2019-11745\n https://nvd.nist.gov/vuln/detail/CVE-2019-11745\n[ 6 ] CVE-2019-11757\n https://nvd.nist.gov/vuln/detail/CVE-2019-11757\n[ 7 ] CVE-2019-11759\n https://nvd.nist.gov/vuln/detail/CVE-2019-11759\n[ 8 ] CVE-2019-11760\n https://nvd.nist.gov/vuln/detail/CVE-2019-11760\n[ 9 ] CVE-2019-11761\n https://nvd.nist.gov/vuln/detail/CVE-2019-11761\n[ 10 ] CVE-2019-11762\n 
https://nvd.nist.gov/vuln/detail/CVE-2019-11762\n[ 11 ] CVE-2019-11763\n https://nvd.nist.gov/vuln/detail/CVE-2019-11763\n[ 12 ] CVE-2019-11764\n https://nvd.nist.gov/vuln/detail/CVE-2019-11764\n[ 13 ] CVE-2019-17005\n https://nvd.nist.gov/vuln/detail/CVE-2019-17005\n[ 14 ] CVE-2019-17008\n https://nvd.nist.gov/vuln/detail/CVE-2019-17008\n[ 15 ] CVE-2019-17010\n https://nvd.nist.gov/vuln/detail/CVE-2019-17010\n[ 16 ] CVE-2019-17011\n https://nvd.nist.gov/vuln/detail/CVE-2019-17011\n[ 17 ] CVE-2019-17012\n https://nvd.nist.gov/vuln/detail/CVE-2019-17012\n[ 18 ] CVE-2019-20503\n https://nvd.nist.gov/vuln/detail/CVE-2019-20503\n[ 19 ] CVE-2020-6792\n https://nvd.nist.gov/vuln/detail/CVE-2020-6792\n[ 20 ] CVE-2020-6793\n https://nvd.nist.gov/vuln/detail/CVE-2020-6793\n[ 21 ] CVE-2020-6794\n https://nvd.nist.gov/vuln/detail/CVE-2020-6794\n[ 22 ] CVE-2020-6795\n https://nvd.nist.gov/vuln/detail/CVE-2020-6795\n[ 23 ] CVE-2020-6798\n https://nvd.nist.gov/vuln/detail/CVE-2020-6798\n[ 24 ] CVE-2020-6800\n https://nvd.nist.gov/vuln/detail/CVE-2020-6800\n[ 25 ] CVE-2020-6805\n https://nvd.nist.gov/vuln/detail/CVE-2020-6805\n[ 26 ] CVE-2020-6806\n https://nvd.nist.gov/vuln/detail/CVE-2020-6806\n[ 27 ] CVE-2020-6807\n https://nvd.nist.gov/vuln/detail/CVE-2020-6807\n[ 28 ] CVE-2020-6811\n https://nvd.nist.gov/vuln/detail/CVE-2020-6811\n[ 29 ] CVE-2020-6812\n https://nvd.nist.gov/vuln/detail/CVE-2020-6812\n[ 30 ] CVE-2020-6814\n https://nvd.nist.gov/vuln/detail/CVE-2020-6814\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-10\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. 
\n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2019-11745" }, { "db": "JVNDB", "id": "JVNDB-2019-013984" }, { "db": "VULMON", "id": "CVE-2019-11745" }, { "db": "PACKETSTORM", "id": "157044" }, { "db": "PACKETSTORM", "id": "156770" }, { "db": "PACKETSTORM", "id": "157142" }, { "db": "PACKETSTORM", "id": "156299" }, { "db": "PACKETSTORM", "id": "155989" }, { "db": "PACKETSTORM", "id": "156093" }, { "db": "PACKETSTORM", "id": "156721" }, { "db": "PACKETSTORM", "id": "155603" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-11745", "trust": 2.7 }, { "db": "ICS CERT", "id": "ICSA-21-040-04", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-379803", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2019-013984", "trust": 0.8 }, { "db": "VULMON", "id": "CVE-2019-11745", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157044", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "156770", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "157142", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "156299", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155989", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "156093", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "156721", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "155603", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-11745" }, { "db": "JVNDB", "id": "JVNDB-2019-013984" }, { "db": "PACKETSTORM", "id": "157044" }, { "db": "PACKETSTORM", "id": "156770" }, { "db": "PACKETSTORM", "id": "157142" }, { "db": "PACKETSTORM", "id": "156299" }, 
{ "db": "PACKETSTORM", "id": "155989" }, { "db": "PACKETSTORM", "id": "156093" }, { "db": "PACKETSTORM", "id": "156721" }, { "db": "PACKETSTORM", "id": "155603" }, { "db": "NVD", "id": "CVE-2019-11745" } ] }, "id": "VAR-202001-1433", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.52540106 }, "last_update_date": "2024-09-19T19:37:33.662000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "MFSA2019-36", "trust": 0.8, "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/" }, { "title": "MFSA2019-37", "trust": 0.8, "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/" }, { "title": "MFSA2019-38", "trust": 0.8, "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/" }, { "title": "openSUSE-SU-2020:0008-1", "trust": 0.8, "url": "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html" }, { "title": "openSUSE-SU-2020:0003-1", "trust": 0.8, "url": "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html" }, { "title": "openSUSE-SU-2020:0002-1", "trust": 0.8, "url": "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" }, { "title": "Red Hat: Important: nss security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200243 - Security Advisory" }, { "title": "Red Hat: Important: nss-softokn security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201461 - Security Advisory" }, { "title": "Red Hat: Important: nss security update", 
"trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194114 - Security Advisory" }, { "title": "Red Hat: Important: nss-softokn security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200466 - Security Advisory" }, { "title": "Red Hat: Important: nss-softokn security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194152 - Security Advisory" }, { "title": "Red Hat: Important: nss, nss-softokn, nss-util security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194190 - Security Advisory" }, { "title": "Red Hat: Important: nss-softokn security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201345 - Security Advisory" }, { "title": "Red Hat: Important: nss-softokn security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201267 - Security Advisory" }, { "title": "Ubuntu Security Notice: nss vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4203-2" }, { "title": "Ubuntu Security Notice: nss vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4203-1" }, { "title": "Debian Security Advisories: DSA-4579-1 nss -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0af759a984821af0886871e7a26a298e" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-11745 log" }, { "title": "Amazon Linux 2: ALAS2-2020-1379", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1379" }, { "title": 
"IBM: Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=74fd642ff4a4659039a762a5a0a24106" }, { "title": "Amazon Linux 2: ALAS2-2023-1942", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-1942" }, { "title": "Amazon Linux 2: ALAS2-2020-1384", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1384" }, { "title": "Amazon Linux AMI: ALAS-2020-1355", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1355" }, { "title": "Ubuntu Security Notice: firefox vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4216-1" }, { "title": "Arch Linux Advisories: [ASA-201912-2] thunderbird: arbitrary code execution", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201912-2" }, { "title": "Ubuntu Security Notice: firefox vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4216-2" }, { "title": "Ubuntu Security Notice: thunderbird vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4241-1" }, { "title": "Mozilla: Security Vulnerabilities fixed in - Firefox ESR 68.3", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=940e53f5eecee1395e2713b0ed07506b" }, { "title": "Mozilla: Security Vulnerabilities fixed in - Thunderbird 68.3", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=dffa374fab03b4f5b5596346629ccc8c" }, { "title": "Arch Linux Advisories: [ASA-201912-1] firefox: multiple issues", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201912-1" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=409c1cd1b8ef401020956950fd839000" }, { "title": "Mozilla: Security Vulnerabilities fixed in - Firefox 71", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=a8e439d387c58595bbdb24cc3bdadd40" }, { "title": "Ubuntu Security Notice: thunderbird vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4335-1" }, { "title": "", "trust": 0.1, "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser " } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-11745" }, { "db": "JVNDB", "id": "JVNDB-2019-013984" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013984" }, { "db": "NVD", "id": "CVE-2019-11745" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11745" }, { "trust": 1.3, "url": "https://access.redhat.com/errata/rhsa-2020:0243" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2020:0466" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/202003-10" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/202003-37" }, { "trust": 1.1, "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/" }, { "trust": 1.1, "url": 
"https://www.mozilla.org/security/advisories/mfsa2019-37/" }, { "trust": 1.1, "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/" }, { "trust": 1.1, "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/4241-1/" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/202003-02" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/4335-1/" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf" }, { "trust": 1.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11745" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-11745" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0495" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-0495" }, { "trust": 0.2, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.2, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.2, "url": "https://security.gentoo.org/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17011" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17012" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17010" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/787.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4203-2/" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4203-1/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1267" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11696" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11695" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18508" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11697" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11698" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1345" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/thunderbird/1:68.4.1+build1-0ubuntu0.18.04.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17016" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4241-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17026" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/thunderbird/1:68.4.1+build1-0ubuntu0.19.10.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17022" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17024" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17008" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6798" }, { "trust": 0.1, "url": 
"https://www.mozilla.org/en-us/security/advisories/mfsa2019-35/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6795" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6800" }, { "trust": 0.1, "url": "https://www.mozilla.org/en-us/security/advisories/mfsa2020-07/" }, { "trust": 0.1, "url": "https://www.mozilla.org/en-us/security/advisories/mfsa2019-37/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11761" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11757" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11764" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11762" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6794" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6793" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6806" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20503" }, { "trust": 0.1, "url": "https://www.mozilla.org/en-us/security/advisories/mfsa2020-10/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11759" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6811" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6792" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6807" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6812" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17005" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11760" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11763" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/firefox/71.0+build5-0ubuntu0.18.04.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17014" }, { "trust": 0.1, "url": 
"https://launchpad.net/ubuntu/+source/firefox/71.0+build5-0ubuntu0.19.10.1" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4216-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/firefox/71.0+build5-0ubuntu0.19.04.1" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-11745" }, { "db": "JVNDB", "id": "JVNDB-2019-013984" }, { "db": "PACKETSTORM", "id": "157044" }, { "db": "PACKETSTORM", "id": "156770" }, { "db": "PACKETSTORM", "id": "157142" }, { "db": "PACKETSTORM", "id": "156299" }, { "db": "PACKETSTORM", "id": "155989" }, { "db": "PACKETSTORM", "id": "156093" }, { "db": "PACKETSTORM", "id": "156721" }, { "db": "PACKETSTORM", "id": "155603" }, { "db": "NVD", "id": "CVE-2019-11745" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2019-11745" }, { "db": "JVNDB", "id": "JVNDB-2019-013984" }, { "db": "PACKETSTORM", "id": "157044" }, { "db": "PACKETSTORM", "id": "156770" }, { "db": "PACKETSTORM", "id": "157142" }, { "db": "PACKETSTORM", "id": "156299" }, { "db": "PACKETSTORM", "id": "155989" }, { "db": "PACKETSTORM", "id": "156093" }, { "db": "PACKETSTORM", "id": "156721" }, { "db": "PACKETSTORM", "id": "155603" }, { "db": "NVD", "id": "CVE-2019-11745" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-01-08T00:00:00", "db": "VULMON", "id": "CVE-2019-11745" }, { "date": "2020-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013984" }, { "date": "2020-04-01T15:23:37", "db": "PACKETSTORM", "id": "157044" }, { "date": "2020-03-16T22:35:27", "db": "PACKETSTORM", "id": "156770" }, { "date": "2020-04-07T16:41:47", "db": "PACKETSTORM", "id": "157142" }, { "date": "2020-02-11T15:56:55", "db": "PACKETSTORM", "id": "156299" }, { "date": "2020-01-17T16:38:14", "db": "PACKETSTORM", "id": "155989" }, { "date": 
"2020-01-27T22:53:39", "db": "PACKETSTORM", "id": "156093" }, { "date": "2020-03-14T17:08:25", "db": "PACKETSTORM", "id": "156721" }, { "date": "2019-12-09T23:42:22", "db": "PACKETSTORM", "id": "155603" }, { "date": "2020-01-08T20:15:12.313000", "db": "NVD", "id": "CVE-2019-11745" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-02-19T00:00:00", "db": "VULMON", "id": "CVE-2019-11745" }, { "date": "2020-01-23T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-013984" }, { "date": "2021-02-19T17:22:17.650000", "db": "NVD", "id": "CVE-2019-11745" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "155989" } ], "trust": 0.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Firefox and Thunderbird Vulnerable to out-of-bounds writing", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-013984" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "arbitrary", "sources": [ { "db": "PACKETSTORM", "id": "156721" }, { "db": "PACKETSTORM", "id": "155603" } ], "trust": 0.2 } }