Details of VAR-201802-0492

ID

VAR-201802-0492

CVE

CVE-2017-18190

TITLE

CUPS Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2017-012680

DESCRIPTION

A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). CUPS Contains vulnerabilities related to security features.Information may be tampered with. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. This vulnerability can be used to execute arbitrary IPP commands. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Bug Fix(es): * Gather image registry config (backport to 4.3) (BZ#1836815) * Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist (BZ#1849176) * Login with OpenShift not working after cluster upgrade (BZ#1852429) * Limit the size of gathered federated metrics from alerts in Insights Operator (BZ#1874018) * [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs (BZ#1879110) * [release 4.3] OpenShift APIs become unavailable for more than 15 minutes after one of master nodes went down(OAuth) (BZ#1880293) You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-x86_64 The image digest is sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-s390x The image digest is sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le The image digest is sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc 3. Solution: For OpenShift Container Platform 4.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.3/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1836815 - Gather image registry config (backport to 4.3) 1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist 1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator 1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized 1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: cups security and bug fix update Advisory ID: RHSA-2020:3864-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3864 Issue date: 2020-09-29 CVE Names: CVE-2017-18190 CVE-2019-8675 CVE-2019-8696 ==================================================================== 1. Summary: An update for cups is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fix(es): * cups: DNS rebinding attacks via incorrect whitelist (CVE-2017-18190) * cups: stack-buffer-overflow in libcups's asn1_get_type function (CVE-2019-8675) * cups: stack-buffer-overflow in libcups's asn1_get_packed function (CVE-2019-8696) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the cupsd service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1546395 - CVE-2017-18190 cups: DNS rebinding attacks via incorrect whitelist 1715907 - CUPS- client: cupsGetPPD3() function tries to load PPD from IPP printer and not from the CUPS queue 1738455 - CVE-2019-8675 cups: stack-buffer-overflow in libcups's asn1_get_type function 1738497 - CVE-2019-8696 cups: stack-buffer-overflow in libcups's asn1_get_packed function 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: cups-1.6.3-51.el7.src.rpm noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: cups-1.6.3-51.el7.src.rpm noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: cups-1.6.3-51.el7.src.rpm noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm ppc64: cups-1.6.3-51.el7.ppc64.rpm cups-client-1.6.3-51.el7.ppc64.rpm cups-debuginfo-1.6.3-51.el7.ppc.rpm cups-debuginfo-1.6.3-51.el7.ppc64.rpm cups-devel-1.6.3-51.el7.ppc.rpm cups-devel-1.6.3-51.el7.ppc64.rpm cups-libs-1.6.3-51.el7.ppc.rpm cups-libs-1.6.3-51.el7.ppc64.rpm cups-lpd-1.6.3-51.el7.ppc64.rpm ppc64le: cups-1.6.3-51.el7.ppc64le.rpm cups-client-1.6.3-51.el7.ppc64le.rpm cups-debuginfo-1.6.3-51.el7.ppc64le.rpm cups-devel-1.6.3-51.el7.ppc64le.rpm cups-libs-1.6.3-51.el7.ppc64le.rpm cups-lpd-1.6.3-51.el7.ppc64le.rpm s390x: cups-1.6.3-51.el7.s390x.rpm cups-client-1.6.3-51.el7.s390x.rpm cups-debuginfo-1.6.3-51.el7.s390.rpm cups-debuginfo-1.6.3-51.el7.s390x.rpm cups-devel-1.6.3-51.el7.s390.rpm cups-devel-1.6.3-51.el7.s390x.rpm cups-libs-1.6.3-51.el7.s390.rpm cups-libs-1.6.3-51.el7.s390x.rpm cups-lpd-1.6.3-51.el7.s390x.rpm x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: cups-debuginfo-1.6.3-51.el7.ppc64.rpm cups-ipptool-1.6.3-51.el7.ppc64.rpm ppc64le: cups-debuginfo-1.6.3-51.el7.ppc64le.rpm cups-ipptool-1.6.3-51.el7.ppc64le.rpm s390x: cups-debuginfo-1.6.3-51.el7.s390x.rpm cups-ipptool-1.6.3-51.el7.s390x.rpm x86_64: cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: cups-1.6.3-51.el7.src.rpm noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-18190 https://access.redhat.com/security/cve/CVE-2019-8675 https://access.redhat.com/security/cve/CVE-2019-8696 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OfSNzjgjWX9erEAQip1g//fGQ6FQsoJ/QpnHB9KiGT507Wl0HwxQYz FaaarvC/P+E78cXLDikMs/eIY9dIXeyOZyPja/u4sNSwl/ZwPxqrm7ikV0va3UrE +NciXotVICT59ONqmFwNoBsAkxHG84hDxuhRKe8MDgJQWrOruXsbzxzznQam6s4v etRS7p8TPKDyYCGqQui8WRvFWQtVbtFHGR7Gnz5AMkTFanUqU9dxQu070UbUtkNl 6TpB++/AU9X48a/RkLlt7rgtEAT0eG0VJkPUxhollegIWxTq6ICuKwLcnH7jnphD nY5DEUE7NdP8rPkw9XKnKSlkIR68M3SMDhu/cfvwfj0QzsjzERRNdOIbKiFiV3/w Ayp2r2r9XxWAUXp7Rgm6meRlmNv+lTAyTXLVo3VrtGpU6221vszaiLhlQikqExsu 9DwvLWMyabQrdv+eWCYCRYyz/oiv+j7LjB6sN83baF9nF7WBSTIeTVq3ZgMo/orX vWmaRdN0ozVtKKsVGtns7Cb9UUIpU2h903i3VNa6SJKS1TyiqvkfG7Yq+h63BDyw CB3c0K/3W/KX9GhbqVLM/q45xBPkqCCliSoeibSL+LgbgAXokIXd4Pen9C76h6g2 FsI6JQ/SQ8iPaXDyWd8P7BVANKBIL/tXknRCQSUjC7mGJA372/euzQw98+FYCUzq RML7ea/mqjI=bzrd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3577-1 February 21, 2018 cups vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: CUPS could be made to provide access to printers over the network. Software Description: - cups: Common UNIX Printing System(tm) Details: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack. (CVE-2017-18190) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: cups 2.1.3-4ubuntu0.4 Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.9 In general, a standard system update will make all the necessary changes

Trust: 2.07

sources: NVD: CVE-2017-18190 // JVNDB: JVNDB-2017-012680 // VULHUB: VHN-109288 // VULMON: CVE-2017-18190 // PACKETSTORM: 159661 // PACKETSTORM: 159343 // PACKETSTORM: 146494

AFFECTED PRODUCTS

vendor:	apple	model:	cups	scope:	lt	version:	2.2.2	Trust: 1.8
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.6
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	debian	model:	gnu/linux	scope:	eq	version:	7.0	Trust: 0.8

sources: JVNDB: JVNDB-2017-012680 // CNNVD: CNNVD-201802-883 // NVD: CVE-2017-18190

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18190
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-18190
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201802-883
value:	HIGH
Trust: 0.6
VULHUB:	VHN-109288
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2017-18190
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-18190
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-109288
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-18190
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-109288 // VULMON: CVE-2017-18190 // JVNDB: JVNDB-2017-012680 // CNNVD: CNNVD-201802-883 // NVD: CVE-2017-18190

PROBLEMTYPE DATA

problemtype:	CWE-290	Trust: 1.1
problemtype:	CWE-254	Trust: 0.9

sources: VULHUB: VHN-109288 // JVNDB: JVNDB-2017-012680 // NVD: CVE-2017-18190

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-883

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201802-883

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012680

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-109288

PATCH

title:	[SECURITY] [DLA 1288-1] cups security update	url:	https://lists.debian.org/debian-lts-announce/2018/02/msg00023.html	Trust: 0.8
title:	Don't treat "localhost.localdomain" as an allowed replacement for localhost, since it isn't.	url:	https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41	Trust: 0.8
title:	Apple CUPS Fixing measures for security feature vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92097	Trust: 0.6
title:	Ubuntu Security Notice: cups vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3577-1	Trust: 0.1
title:	Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204264 - Security Advisory	Trust: 0.1

sources: VULMON: CVE-2017-18190 // JVNDB: JVNDB-2017-012680 // CNNVD: CNNVD-201802-883

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18190	Trust: 2.9
db:	PACKETSTORM	id:	159343	Trust: 0.8
db:	PACKETSTORM	id:	159661	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-012680	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-883	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3631	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3376	Trust: 0.6
db:	PACKETSTORM	id:	146494	Trust: 0.2
db:	VULHUB	id:	VHN-109288	Trust: 0.1
db:	VULMON	id:	CVE-2017-18190	Trust: 0.1

sources: VULHUB: VHN-109288 // VULMON: CVE-2017-18190 // JVNDB: JVNDB-2017-012680 // PACKETSTORM: 159661 // PACKETSTORM: 159343 // PACKETSTORM: 146494 // CNNVD: CNNVD-201802-883 // NVD: CVE-2017-18190

REFERENCES

url:	https://usn.ubuntu.com/3577-1/	Trust: 1.9
url:	https://bugs.chromium.org/p/project-zero/issues/detail?id=1048	Trust: 1.8
url:	https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2018/02/msg00023.html	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-18190	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18190	Trust: 0.8
url:	https://packetstormsecurity.com/files/159661/red-hat-security-advisory-2020-4264-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3376/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159343/red-hat-security-advisory-2020-3864-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3631/	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8696	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8675	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2017-18190	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/290.html	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp2-cve-2017-18190	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4264	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-2974	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19126	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14866	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17023	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-6829	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12652	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12403	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12243	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11068	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18197	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5482	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14973	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17498	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-18197	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2226	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2780	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-16935	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5094	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12450	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2974	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2752	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20386	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2574	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17546	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14352	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14822	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14822	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11727	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11719	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16935	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2225	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5482	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8492	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12825	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14973	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12402	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2181	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5188	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-12652	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12401	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12450	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2182	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17546	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.3/updating/updating-cluster	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14866	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20386	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24750	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2224	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5094	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11727	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5188	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9283	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19126	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11068	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17498	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2812	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8675	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8696	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3864	Trust: 0.1
url:	https://www.ubuntu.com/usn/usn-3577-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.9	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.4	Trust: 0.1

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 159661 // PACKETSTORM: 159343 // CNNVD: CNNVD-201802-883

SOURCES

db:	VULHUB	id:	VHN-109288
db:	VULMON	id:	CVE-2017-18190
db:	JVNDB	id:	JVNDB-2017-012680
db:	PACKETSTORM	id:	159661
db:	PACKETSTORM	id:	159343
db:	PACKETSTORM	id:	146494
db:	CNNVD	id:	CNNVD-201802-883
db:	NVD	id:	CVE-2017-18190

LAST UPDATE DATE

2024-11-23T20:02:42.208000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-109288	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-18190	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-012680	date:	2018-04-04T00:00:00
db:	CNNVD	id:	CNNVD-201802-883	date:	2020-10-23T00:00:00
db:	NVD	id:	CVE-2017-18190	date:	2024-11-21T03:19:31.260

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-109288	date:	2018-02-16T00:00:00
db:	VULMON	id:	CVE-2017-18190	date:	2018-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2017-012680	date:	2018-04-04T00:00:00
db:	PACKETSTORM	id:	159661	date:	2020-10-21T15:40:32
db:	PACKETSTORM	id:	159343	date:	2020-09-30T15:42:35
db:	PACKETSTORM	id:	146494	date:	2018-02-20T22:25:00
db:	CNNVD	id:	CNNVD-201802-883	date:	2018-02-16T00:00:00
db:	NVD	id:	CVE-2017-18190	date:	2018-02-16T17:29:00.217