ID

VAR-201902-0620


CVE

CVE-2018-16890


TITLE

libcurl Vulnerable to out-of-bounds reading

Trust: 0.8

sources: JVNDB: JVNDB-2018-014466

DESCRIPTION

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl into accepting a bad length + offset combination that would lead to an out-of-bounds buffer read. libcurl contains an out-of-bounds vulnerability that may result in a denial-of-service (DoS) condition. cURL/libcURL is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to obtain sensitive information and cause a denial-of-service condition. cURL/libcURL versions 7.36.0 through 7.63.0 are vulnerable. Haxx libcurl is an open source client-side URL transfer library from Haxx, Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. For the stable distribution (stretch), these problems have been fixed in version 7.52.1-5+deb9u9. We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
===================================================================== Red Hat Security Advisory Synopsis: Moderate: curl security and bug fix update Advisory ID: RHSA-2019:3701-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3701 Issue date: 2019-11-05 CVE Names: CVE-2018-16890 CVE-2018-20483 CVE-2019-3822 CVE-2019-3823 ===================================================================== 1. Summary: An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890) * wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483) * curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822) * curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1662705 - CVE-2018-20483 wget: Information exposure in set_file_metadata function in xattr.c 1669156 - connection re-use does not work for SCP and SFTP 1670252 - CVE-2018-16890 curl: NTLM type-2 heap out-of-bounds buffer read 1670254 - CVE-2019-3822 curl: NTLMv2 type-3 header stack buffer overflow 1670256 - CVE-2019-3823 curl: SMTP end-of-response out-of-bounds read 6. Package List: Red Hat Enterprise Linux BaseOS (v. 
8): Source: curl-7.61.1-11.el8.src.rpm aarch64: curl-7.61.1-11.el8.aarch64.rpm curl-debuginfo-7.61.1-11.el8.aarch64.rpm curl-debugsource-7.61.1-11.el8.aarch64.rpm curl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm libcurl-7.61.1-11.el8.aarch64.rpm libcurl-debuginfo-7.61.1-11.el8.aarch64.rpm libcurl-devel-7.61.1-11.el8.aarch64.rpm libcurl-minimal-7.61.1-11.el8.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.aarch64.rpm ppc64le: curl-7.61.1-11.el8.ppc64le.rpm curl-debuginfo-7.61.1-11.el8.ppc64le.rpm curl-debugsource-7.61.1-11.el8.ppc64le.rpm curl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm libcurl-7.61.1-11.el8.ppc64le.rpm libcurl-debuginfo-7.61.1-11.el8.ppc64le.rpm libcurl-devel-7.61.1-11.el8.ppc64le.rpm libcurl-minimal-7.61.1-11.el8.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.ppc64le.rpm s390x: curl-7.61.1-11.el8.s390x.rpm curl-debuginfo-7.61.1-11.el8.s390x.rpm curl-debugsource-7.61.1-11.el8.s390x.rpm curl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm libcurl-7.61.1-11.el8.s390x.rpm libcurl-debuginfo-7.61.1-11.el8.s390x.rpm libcurl-devel-7.61.1-11.el8.s390x.rpm libcurl-minimal-7.61.1-11.el8.s390x.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.s390x.rpm x86_64: curl-7.61.1-11.el8.x86_64.rpm curl-debuginfo-7.61.1-11.el8.i686.rpm curl-debuginfo-7.61.1-11.el8.x86_64.rpm curl-debugsource-7.61.1-11.el8.i686.rpm curl-debugsource-7.61.1-11.el8.x86_64.rpm curl-minimal-debuginfo-7.61.1-11.el8.i686.rpm curl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm libcurl-7.61.1-11.el8.i686.rpm libcurl-7.61.1-11.el8.x86_64.rpm libcurl-debuginfo-7.61.1-11.el8.i686.rpm libcurl-debuginfo-7.61.1-11.el8.x86_64.rpm libcurl-devel-7.61.1-11.el8.i686.rpm libcurl-devel-7.61.1-11.el8.x86_64.rpm libcurl-minimal-7.61.1-11.el8.i686.rpm libcurl-minimal-7.61.1-11.el8.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.i686.rpm libcurl-minimal-debuginfo-7.61.1-11.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-16890 https://access.redhat.com/security/cve/CVE-2018-20483 https://access.redhat.com/security/cve/CVE-2019-3822 https://access.redhat.com/security/cve/CVE-2019-3823 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc.
Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. 
Security Fix(es): * golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283) * SSL/TLS: CBC padding timing attack (lucky-13) (CVE-2013-0169) * grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624) * js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358) * npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions (CVE-2019-16769) * kibana: Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) (CVE-2020-7013) * nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598) * npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser (CVE-2020-7662) * nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203) * jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022) * jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023) * grafana: stored XSS (CVE-2020-11110) * grafana: XSS annotation popup vulnerability (CVE-2020-12052) * grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245) * nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) * nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366) * openshift/console: text injection on error page via crafted url (CVE-2020-10715) * kibana: X-Frame-Option not set by default might lead to clickjacking (CVE-2020-10743) * openshift: restricted SCC allows pods to craft custom network packets (CVE-2020-14336) For 
more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html. Bugs fixed (https://bugzilla.redhat.com/): 907589 - CVE-2013-0169 SSL/TLS: CBC padding timing attack (lucky-13) 1701972 - CVE-2019-11358 jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection 1767665 - CVE-2020-10715 openshift/console: text injection on error page via crafted url 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1834550 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking 1845982 - CVE-2020-7662 npmjs-websocket-extensions: ReDoS vulnerability in Sec-WebSocket-Extensions parser 1848089 - CVE-2020-12052 grafana: XSS annotation popup vulnerability 1848092 - CVE-2019-16769 npm-serialize-javascript: XSS via unsafe characters in serialized regular expressions 1848643 - CVE-2020-12245 grafana: XSS via column.title or cellLinkTooltip 1848647 - CVE-2020-13822 nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures 1849044 - CVE-2020-7013 kibana: 
Prototype pollution in TSVB could result in arbitrary code execution (ESA-2020-06) 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1850572 - CVE-2018-18624 grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1858981 - CVE-2020-14336 openshift: restricted SCC allows pods to craft custom network packets 1861044 - CVE-2020-11110 grafana: stored XSS 1874671 - CVE-2020-14336 ose-machine-config-operator-container: openshift: restricted SCC allows pods to craft custom network packets [openshift-4] 5. ========================================================================== Ubuntu Security Notice USN-3882-1 February 06, 2019 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in curl. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-16890) Wenxiang Qian discovered that curl incorrectly handled certain NTLMv2 authentication messages. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2019-3822) Brian Carpenter discovered that curl incorrectly handled certain SMTP responses. 
(CVE-2019-3823) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: curl 7.61.0-1ubuntu2.3 libcurl3-gnutls 7.61.0-1ubuntu2.3 libcurl3-nss 7.61.0-1ubuntu2.3 libcurl4 7.61.0-1ubuntu2.3 Ubuntu 18.04 LTS: curl 7.58.0-2ubuntu3.6 libcurl3-gnutls 7.58.0-2ubuntu3.6 libcurl3-nss 7.58.0-2ubuntu3.6 libcurl4 7.58.0-2ubuntu3.6 Ubuntu 16.04 LTS: curl 7.47.0-1ubuntu2.12 libcurl3 7.47.0-1ubuntu2.12 libcurl3-gnutls 7.47.0-1ubuntu2.12 libcurl3-nss 7.47.0-1ubuntu2.12 Ubuntu 14.04 LTS: curl 7.35.0-1ubuntu2.20 libcurl3 7.35.0-1ubuntu2.20 libcurl3-gnutls 7.35.0-1ubuntu2.20 libcurl3-nss 7.35.0-1ubuntu2.20 In general, a standard system update will make all the necessary changes. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/curl-7.64.0-i586-1_slack14.2.txz: Upgraded. NTLMv2 type-3 header stack buffer overflow. SMTP end-of-response out-of-bounds read. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. 
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.64.0-i486-1_slack14.0.txz Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.64.0-x86_64-1_slack14.0.txz Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.64.0-i486-1_slack14.1.txz Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.64.0-x86_64-1_slack14.1.txz Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/curl-7.64.0-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/curl-7.64.0-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.64.0-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.64.0-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg curl-7.64.0-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

Trust: 2.52

sources: NVD: CVE-2018-16890 // JVNDB: JVNDB-2018-014466 // BID: 106947 // VULHUB: VHN-127295 // VULMON: CVE-2018-16890 // PACKETSTORM: 151568 // PACKETSTORM: 155162 // PACKETSTORM: 159727 // PACKETSTORM: 151566 // PACKETSTORM: 151569

AFFECTED PRODUCTS

vendor: oracle, model: communications operations monitor, scope: eq, version: 4.0

Trust: 1.0

vendor: redhat, model: enterprise linux, scope: eq, version: 8.0

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 16.04

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lte, version: 15.0.1

Trust: 1.0

vendor: oracle, model: communications operations monitor, scope: eq, version: 3.4

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 18.10

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lte, version: 13.1.3

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: oracle, model: http server, scope: eq, version: 12.2.1.3.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 13.1.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lte, version: 14.1.2

Trust: 1.0

vendor: haxx, model: libcurl, scope: gte, version: 7.36.0

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 18.04

Trust: 1.0

vendor: netapp, model: clustered data ontap, scope: eq, version: *

Trust: 1.0

vendor: oracle, model: secure global desktop, scope: eq, version: 5.4

Trust: 1.0

vendor: canonical, model: ubuntu linux, scope: eq, version: 14.04

Trust: 1.0

vendor: siemens, model: sinema remote connect client, scope: lte, version: 2.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 15.0.0

Trust: 1.0

vendor: haxx, model: libcurl, scope: lt, version: 7.64.0

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 9.0

Trust: 1.0

vendor: canonical, model: ubuntu, scope: -, version: -

Trust: 0.8

vendor: debian, model: gnu/linux, scope: -, version: -

Trust: 0.8

vendor: haxx, model: libcurl, scope: lt, version: 7.36.0 or later, before 7.64.0

Trust: 0.8

vendor: ubuntu, model: linux, scope: eq, version: 18.10

Trust: 0.3

vendor: ubuntu, model: linux lts, scope: eq, version: 18.04

Trust: 0.3

vendor: ubuntu, model: linux lts, scope: eq, version: 16.04

Trust: 0.3

vendor: ubuntu, model: linux lts, scope: eq, version: 14.04

Trust: 0.3

vendor: siemens, model: sinema remote connect client, scope: eq, version: 1.0

Trust: 0.3

vendor: redhat, model: software collections for rhel, scope: eq, version: 0

Trust: 0.3

vendor: oracle, model: services tools bundle, scope: eq, version: 19.2

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 8.0.15

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 8.0.14

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 8.0.13

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 8.0.12

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 8.0.11

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 5.7.26

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 5.7.25

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 5.7.24

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 5.7.23

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 5.7.22

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 5.7.21

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 5.7.20

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 5.7.19

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 5.7.18

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 5.7.17

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 5.7.16

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 5.7.15

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 5.7.12

Trust: 0.3

vendor: oracle, model: mysql server, scope: eq, version: 5.7

Trust: 0.3

vendor: oracle, model: enterprise manager ops center, scope: eq, version: 12.4

Trust: 0.3

vendor: oracle, model: enterprise manager ops center, scope: eq, version: 12.3.3

Trust: 0.3

vendor: netapp, model: clustered data ontap, scope: eq, version: 0

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.63

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.62

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.61.1

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.61

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.60

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.59

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.58

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.57

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.56.1

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.56

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.55.1

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.54.1

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.54

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.53.1

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.53

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.52

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.51

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.50.3

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.50.2

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.50.1

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.50

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.47

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.46

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.43

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.42.1

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.36

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.6.1

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.6

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.55.0

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.52.1

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.5.2

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.5.1

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.49.0

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.48.0

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.42.0

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.41.0

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.40.0

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.4.2

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.4.1

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.4

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.39

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.38.0

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.37.1

Trust: 0.3

vendor: haxx, model: libcurl, scope: eq, version: 7.37.0

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.62

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.61.1

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.61

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.60

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.59

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.58

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.56.1

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.56

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.55.1

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.55

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.54.1

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.54

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.53.1

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.53

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.52

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.51

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.50.3

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.50

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.47

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.46

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.45

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.43

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.42.1

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.36

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.63.0

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.6.1

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.6

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.57.0

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.52.1

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.50.1

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.49.0

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.48.0

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.42.0

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.41.0

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.40.0

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.39.0

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.38.0

Trust: 0.3

vendor: haxx, model: curl, scope: eq, version: 7.37.1

Trust: 0.3

vendor: siemens, model: sinema remote connect client hf1, scope: ne, version: 2.0

Trust: 0.3

vendor: haxx, model: curl, scope: ne, version: 7.64.0

Trust: 0.3

sources: BID: 106947 // JVNDB: JVNDB-2018-014466 // NVD: CVE-2018-16890

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16890
value: HIGH

Trust: 1.0

secalert@redhat.com: CVE-2018-16890
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-16890
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201902-122
value: HIGH

Trust: 0.6

VULHUB: VHN-127295
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-16890
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-16890
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-127295
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16890
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

secalert@redhat.com: CVE-2018-16890
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.0

Trust: 1.0

NVD: CVE-2018-16890
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-127295 // VULMON: CVE-2018-16890 // JVNDB: JVNDB-2018-014466 // CNNVD: CNNVD-201902-122 // NVD: CVE-2018-16890 // NVD: CVE-2018-16890

PROBLEMTYPE DATA

problemtype: CWE-125

Trust: 1.9

problemtype: CWE-190

Trust: 1.1

sources: VULHUB: VHN-127295 // JVNDB: JVNDB-2018-014466 // NVD: CVE-2018-16890

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 151566 // CNNVD: CNNVD-201902-122

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201902-122

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014466

PATCH

title: DSA-4386
url: https://www.debian.org/security/2019/dsa-4386

Trust: 0.8

title: NTLM type-2 out-of-bounds buffer read
url: https://curl.haxx.se/docs/CVE-2018-16890.html

Trust: 0.8

title: USN-3882-1
url: https://usn.ubuntu.com/3882-1/

Trust: 0.8

title: Red Hat: Moderate: curl security and bug fix update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193701 - Security Advisory

Trust: 0.1

title: Ubuntu Security Notice: curl vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3882-1

Trust: 0.1

title: Red Hat: CVE-2018-16890
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-16890

Trust: 0.1

title: Arch Linux Issues:
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2018-16890

Trust: 0.1

title: Arch Linux Advisories: [ASA-201902-9] curl: arbitrary code execution
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201902-9

Trust: 0.1

title: Arch Linux Advisories: [ASA-201902-10] libcurl-gnutls: arbitrary code execution
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201902-10

Trust: 0.1

title: Arch Linux Advisories: [ASA-201902-13] lib32-curl: arbitrary code execution
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201902-13

Trust: 0.1

title: Arch Linux Advisories: [ASA-201902-12] lib32-libcurl-compat: arbitrary code execution
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201902-12

Trust: 0.1

title: Arch Linux Advisories: [ASA-201902-11] lib32-libcurl-gnutls: arbitrary code execution
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201902-11

Trust: 0.1

title: IBM: IBM Security Bulletin: IBM Event Streams is affected by cURL vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=22decc09aeaa3dba577a38ac2ead2bac

Trust: 0.1

title: Siemens Security Advisories: Siemens Security Advisory
url: https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=8a056bd2177d12192b11798b7ac3e013

Trust: 0.1

title: Amazon Linux 2: ALAS2-2019-1162
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1162

Trust: 0.1

title: IBM: IBM Security Bulletin: BigFix Platform 9.5.x / 9.2.x affected by multiple vulnerabilities (CVE-2018-16839, CVE-2018-16842, CVE-2018-16840, CVE-2019-3823, CVE-2019-3822, CVE-2018-16890, CVE-2019-4011, CVE-2018-2005, CVE-2019-4058, CVE-2019-1559)
url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0b05dc856c1be71db871bcea94f6fa8d

Trust: 0.1

title: Red Hat: Moderate: OpenShift Container Platform 4.6.1 image security update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204298 - Security Advisory

Trust: 0.1

title: CVE-2018-16890
url: https://github.com/zjw88282740/CVE-2018-16890

Trust: 0.1

title: TrivyWeb
url: https://github.com/KorayAgaya/TrivyWeb

Trust: 0.1

title: cve
url: https://github.com/michwqy/cve

Trust: 0.1

title: github_aquasecurity_trivy
url: https://github.com/back8/github_aquasecurity_trivy

Trust: 0.1

title: trivy
url: https://github.com/simiyo/trivy

Trust: 0.1

title: trivy
url: https://github.com/aquasecurity/trivy

Trust: 0.1

title: trivy
url: https://github.com/knqyf263/trivy

Trust: 0.1

title: security
url: https://github.com/umahari/security

Trust: 0.1

title: -
url: https://github.com/Mohzeela/external-secret

Trust: 0.1

title: Vulnerability-Scanner-for-Containers
url: https://github.com/t31m0/Vulnerability-Scanner-for-Containers

Trust: 0.1

title: trivy
url: https://github.com/siddharthraopotukuchi/trivy

Trust: 0.1

title: CVE-POC
url: https://github.com/0xT11/CVE-POC

Trust: 0.1

title: PoC-in-GitHub
url: https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

sources: VULMON: CVE-2018-16890 // JVNDB: JVNDB-2018-014466

EXTERNAL IDS

db: NVD, id: CVE-2018-16890

Trust: 3.4

db: SIEMENS, id: SSA-436177

Trust: 2.1

db: BID, id: 106947

Trust: 2.1

db: ICS CERT, id: ICSA-19-099-04

Trust: 1.8

db: PACKETSTORM, id: 159727

Trust: 0.8

db: JVNDB, id: JVNDB-2018-014466

Trust: 0.8

db: CNNVD, id: CNNVD-201902-122

Trust: 0.7

db: AUSCERT, id: ESB-2019.1084

Trust: 0.6

db: AUSCERT, id: ESB-2019.0381.3

Trust: 0.6

db: AUSCERT, id: ESB-2020.3700

Trust: 0.6

db: AUSCERT, id: ESB-2019.1221

Trust: 0.6

db: PACKETSTORM, id: 151566

Trust: 0.2

db: PACKETSTORM, id: 151568

Trust: 0.2

db: PACKETSTORM, id: 155162

Trust: 0.2

db: PACKETSTORM, id: 151569

Trust: 0.2

db: VULHUB, id: VHN-127295

Trust: 0.1

db: VULMON, id: CVE-2018-16890

Trust: 0.1

sources: VULHUB: VHN-127295 // VULMON: CVE-2018-16890 // BID: 106947 // JVNDB: JVNDB-2018-014466 // PACKETSTORM: 151568 // PACKETSTORM: 155162 // PACKETSTORM: 159727 // PACKETSTORM: 151566 // PACKETSTORM: 151569 // CNNVD: CNNVD-201902-122 // NVD: CVE-2018-16890

REFERENCES

url:http://www.securityfocus.com/bid/106947

Trust: 3.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-16890

Trust: 2.9

url:https://access.redhat.com/errata/rhsa-2019:3701

Trust: 2.5

url:https://usn.ubuntu.com/3882-1/

Trust: 2.2

url:https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf

Trust: 2.1

url:https://security.netapp.com/advisory/ntap-20190315-0001/

Trust: 2.1

url:https://www.debian.org/security/2019/dsa-4386

Trust: 2.1

url:https://curl.haxx.se/docs/cve-2018-16890.html

Trust: 2.1

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 2.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16890

Trust: 1.9

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.8

url:https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3cdevnull.infra.apache.org%3e

Trust: 1.1

url:https://support.f5.com/csp/article/k03314397?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2018-16890

Trust: 1.1

url:https://ics-cert.us-cert.gov/advisories/icsa-19-099-04

Trust: 1.0

url:http://curl.haxx.se/

Trust: 0.9

url:https://github.com/curl/curl/commit/b780b30d

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16890

Trust: 0.9

url:https://www.us-cert.gov/ics/advisories/icsa-19-099-04

Trust: 0.8

url:https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3cdevnull.infra.apache.org%3e

Trust: 0.7

url:https://support.f5.com/csp/article/k03314397?utm_source=f5support&utm_medium=rss

Trust: 0.6

url:http://www.ibm.com/support/docview.wss

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75218

Trust: 0.6

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10881996

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-19-099-04

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3700/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78786

Trust: 0.6

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10876554

Trust: 0.6

url:https://packetstormsecurity.com/files/159727/red-hat-security-advisory-2020-4298-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78194

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-3822

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-3823

Trust: 0.4

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-3822

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2018-20483

Trust: 0.2

url:https://bugzilla.redhat.com/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-3823

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2018-20483

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://support.f5.com/csp/article/k03314397?utm_source=f5support&amp;amp;utm_medium=rss

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/125.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/190.html

Trust: 0.1

url:https://github.com/zjw88282740/cve-2018-16890

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=59578

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://security-tracker.debian.org/tracker/curl

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8768

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8535

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10743

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15718

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20657

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1712

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8518

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12448

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8611

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8203

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6251

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8676

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1549

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-9251

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17451

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20060

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-19519

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11070

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7150

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1547

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7664

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8607

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12052

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5482

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8623

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15366

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8594

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8690

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20060

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13752

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8601

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11324

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19925

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7146

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1010204

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11324

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11236

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8524

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-10739

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5481

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8536

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8686

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8671

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12447

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8544

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12049

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8571

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-19519

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15719

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2013-0169

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8677

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5436

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-18624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8595

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13753

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8558

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11459

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11358

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12447

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8679

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12795

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20657

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5094

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3844

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6454

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20852

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14336

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8619

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4298

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8622

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1010180

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7598

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8681

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3825

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8523

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-18074

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0169

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6237

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-6706

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20337

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8673

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8559

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8687

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13822

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19923

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16769

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8672

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11358

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14822

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14404

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8608

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7662

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8615

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12449

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7665

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8666

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8457

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5953

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8689

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15847

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14498

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8735

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11236

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19924

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8586

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12245

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14404

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8726

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1010204

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8596

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8696

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8610

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18408

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13636

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1563

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11070

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14498

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-7149

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16056

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-10739

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20337

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18074

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11110

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8584

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19959

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8675

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8563

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10531

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13232

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1010180

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12449

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10715

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8609

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9283

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8587

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-18751

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8506

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18624

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8583

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-9251

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12448

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11008

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11459

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-8597

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.12

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.61.0-1ubuntu2.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.6

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.20

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3882-1

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3822

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3823

Trust: 0.1

sources: VULHUB: VHN-127295 // VULMON: CVE-2018-16890 // BID: 106947 // JVNDB: JVNDB-2018-014466 // PACKETSTORM: 151568 // PACKETSTORM: 155162 // PACKETSTORM: 159727 // PACKETSTORM: 151566 // PACKETSTORM: 151569 // CNNVD: CNNVD-201902-122 // NVD: CVE-2018-16890

CREDITS

Wenxiang Qian of Tencent Blade Team, Siemens ProductCERT reported these vulnerabilities to NCCIC., Red Hat

Trust: 0.6

sources: CNNVD: CNNVD-201902-122

SOURCES

db: VULHUB, id: VHN-127295
db: VULMON, id: CVE-2018-16890
db: BID, id: 106947
db: JVNDB, id: JVNDB-2018-014466
db: PACKETSTORM, id: 151568
db: PACKETSTORM, id: 155162
db: PACKETSTORM, id: 159727
db: PACKETSTORM, id: 151566
db: PACKETSTORM, id: 151569
db: CNNVD, id: CNNVD-201902-122
db: NVD, id: CVE-2018-16890

LAST UPDATE DATE

2024-08-14T12:19:06.978000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-127295, date: 2020-09-18T00:00:00
db: VULMON, id: CVE-2018-16890, date: 2023-11-07T00:00:00
db: BID, id: 106947, date: 2019-07-17T08:00:00
db: JVNDB, id: JVNDB-2018-014466, date: 2019-07-08T00:00:00
db: CNNVD, id: CNNVD-201902-122, date: 2021-03-10T00:00:00
db: NVD, id: CVE-2018-16890, date: 2023-11-07T02:53:57.803

SOURCES RELEASE DATE

db: VULHUB, id: VHN-127295, date: 2019-02-06T00:00:00
db: VULMON, id: CVE-2018-16890, date: 2019-02-06T00:00:00
db: BID, id: 106947, date: 2019-02-06T00:00:00
db: JVNDB, id: JVNDB-2018-014466, date: 2019-03-25T00:00:00
db: PACKETSTORM, id: 151568, date: 2019-02-07T16:32:00
db: PACKETSTORM, id: 155162, date: 2019-11-06T15:57:33
db: PACKETSTORM, id: 159727, date: 2020-10-27T16:59:02
db: PACKETSTORM, id: 151566, date: 2019-02-06T22:35:20
db: PACKETSTORM, id: 151569, date: 2019-02-07T16:32:06
db: CNNVD, id: CNNVD-201902-122, date: 2019-02-06T00:00:00
db: NVD, id: CVE-2018-16890, date: 2019-02-06T20:29:00.243