ID

VAR-202001-1433


CVE

CVE-2019-11745


TITLE

Red Hat Security Advisory 2020-1267-01

Trust: 0.1

sources: PACKETSTORM: 157044

DESCRIPTION

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Background ========== The Mozilla Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: nss-softokn security update Advisory ID: RHSA-2019:4152-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:4152 Issue date: 2019-12-10 CVE Names: CVE-2019-11745 ==================================================================== 1. Summary: An update for nss-softokn is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix(es): * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: nss-softokn-3.44.0-6.el6_10.src.rpm i386: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm x86_64: nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: nss-softokn-3.44.0-6.el6_10.src.rpm x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: nss-softokn-3.44.0-6.el6_10.src.rpm i386: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm ppc64: nss-softokn-3.44.0-6.el6_10.ppc.rpm nss-softokn-3.44.0-6.el6_10.ppc64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.ppc.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.ppc64.rpm nss-softokn-devel-3.44.0-6.el6_10.ppc.rpm nss-softokn-devel-3.44.0-6.el6_10.ppc64.rpm nss-softokn-freebl-3.44.0-6.el6_10.ppc.rpm nss-softokn-freebl-3.44.0-6.el6_10.ppc64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.ppc.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.ppc64.rpm s390x: nss-softokn-3.44.0-6.el6_10.s390.rpm nss-softokn-3.44.0-6.el6_10.s390x.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.s390.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.s390x.rpm nss-softokn-devel-3.44.0-6.el6_10.s390.rpm nss-softokn-devel-3.44.0-6.el6_10.s390x.rpm nss-softokn-freebl-3.44.0-6.el6_10.s390.rpm nss-softokn-freebl-3.44.0-6.el6_10.s390x.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.s390.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.s390x.rpm x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: nss-softokn-3.44.0-6.el6_10.src.rpm i386: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-11745 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXe+MiNzjgjWX9erEAQiepQ/7BesVlTbWtK/e4tqUqQ2WADoCPilxvBo5 lQ/zdsIXw069qAzU/GutaUM3DN7qvxSDCtxOTeQy605jkHYnV1HPjIXxYkug6ETV atrTxcph7BwV5w3sS4D+/N7FvYaGfluSQL65lihS3VNvtiA3excFw3hyaPeI/miM N7+ZHE+kD3vFL2DL6gOMTa/FGfa2w55ka0ODEpL9xCm+vBwVEyNAYVZqzfDQdWwz 5gWlJd7NEJq1qqrNlMuwOrn3YYd2R9VPcrYEvoNRW/Dcf5BNstDmadIPAVcsG1rT Me5PeII3MRIHLEkgYGFNmrxcctWSdC1VIuMsSUdC1lKnqZSpHMq4JjaNfjh3TAtg 2Avl2Jyhm1N56h6OsQo/UX2A7vRdGfgmVlv5jkFBYvjdilLmFQRCzouyJMAXmbZu pUAqowHA9cN3RUYU7so7cU/4AKI3nlsHpH1o1ExICEUclsKn2rnxJquGMxhsVxEv rnv9JKH4IuGKBxt0KTUZRLYsSdHdbrAhlHvanLCi9px7KvqTNIMpblijHLe/1OqD 9mVJjZpCAIJ3et+qPKzfdnjd76UqWbndQlgAwlVN07XODHBLSZkh0iY1nT1Az/WN +wo3O48nWAzPvg2H5jy/+zq7mLI16W0t2mG8rUXHR2Don93Efomtbs7sFDxiiMOP Iowc4iq7Yac=lxBi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4335-1 April 21, 2020 thunderbird vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Thunderbird. Software Description: - thunderbird: Mozilla Open Source mail and newsgroup client Details: Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6825) It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745) It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755) A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903) It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792) Mutiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, CVE-2020-6822) It was discovered that if a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2020-6794) It was discovered that the Devtools’ ‘Copy as cURL’ feature did not fully escape website-controlled data. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to execute arbitrary commands via command injection. (CVE-2020-6811) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: thunderbird 1:68.7.0+build1-0ubuntu0.16.04.2 After a standard system update you need to restart Thunderbird to make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. 6.6) - x86_64 3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Firefox: Multiple vulnerabilities Date: March 12, 2020 Bugs: #702638, #705000, #709346, #712182 ID: 202003-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Background ========== Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/firefox < 68.6.0 >= 68.6.0 2 www-client/firefox-bin < 68.6.0 >= 68.6.0 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-68.6.0" All Mozilla Firefox binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.6.0" References ========== [ 1 ] CVE-2019-11745 https://nvd.nist.gov/vuln/detail/CVE-2019-11745 [ 2 ] CVE-2019-17005 https://nvd.nist.gov/vuln/detail/CVE-2019-17005 [ 3 ] CVE-2019-17008 https://nvd.nist.gov/vuln/detail/CVE-2019-17008 [ 4 ] CVE-2019-17010 https://nvd.nist.gov/vuln/detail/CVE-2019-17010 [ 5 ] CVE-2019-17011 https://nvd.nist.gov/vuln/detail/CVE-2019-17011 [ 6 ] CVE-2019-17012 https://nvd.nist.gov/vuln/detail/CVE-2019-17012 [ 7 ] CVE-2019-17016 https://nvd.nist.gov/vuln/detail/CVE-2019-17016 [ 8 ] CVE-2019-17017 https://nvd.nist.gov/vuln/detail/CVE-2019-17017 [ 9 ] CVE-2019-17022 https://nvd.nist.gov/vuln/detail/CVE-2019-17022 [ 10 ] CVE-2019-17024 https://nvd.nist.gov/vuln/detail/CVE-2019-17024 [ 11 ] CVE-2019-17026 https://nvd.nist.gov/vuln/detail/CVE-2019-17026 [ 12 ] CVE-2019-20503 https://nvd.nist.gov/vuln/detail/CVE-2019-20503 [ 13 ] CVE-2020-6796 https://nvd.nist.gov/vuln/detail/CVE-2020-6796 [ 14 ] CVE-2020-6797 https://nvd.nist.gov/vuln/detail/CVE-2020-6797 [ 15 ] CVE-2020-6798 https://nvd.nist.gov/vuln/detail/CVE-2020-6798 [ 16 ] CVE-2020-6799 https://nvd.nist.gov/vuln/detail/CVE-2020-6799 [ 17 ] CVE-2020-6800 https://nvd.nist.gov/vuln/detail/CVE-2020-6800 [ 18 ] CVE-2020-6805 https://nvd.nist.gov/vuln/detail/CVE-2020-6805 [ 19 ] CVE-2020-6806 https://nvd.nist.gov/vuln/detail/CVE-2020-6806 [ 20 ] CVE-2020-6807 https://nvd.nist.gov/vuln/detail/CVE-2020-6807 [ 21 ] CVE-2020-6811 https://nvd.nist.gov/vuln/detail/CVE-2020-6811 [ 22 ] CVE-2020-6812 https://nvd.nist.gov/vuln/detail/CVE-2020-6812 [ 23 ] CVE-2020-6814 https://nvd.nist.gov/vuln/detail/CVE-2020-6814 [ 24 ] MFSA-2019-37 https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/ [ 25 ] MFSA-2020-03 https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/ [ 26 ] MFSA-2020-06 https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/ [ 27 ] MFSA-2020-09 https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/ Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] mozilla-firefox (SSA:2019-337-01) New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/firefox/68.3.0/releasenotes/ https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html https://www.mozilla.org/security/advisories/mfsa2019-37/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17008 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13722 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17009 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17010 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17005 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17011 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17012 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/mozilla-firefox-68.3.0esr-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-68.3.0esr-i686-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/mozilla-firefox-68.3.0esr-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.2 package: 87f700f9d6e2f2714f34bd4df98daff3 mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz Slackware x86_64 14.2 package: a1fc7f2d55d99552fbfef89c0a4fc4d8 mozilla-firefox-68.3.0esr-x86_64-1_slack14.2.txz Slackware -current package: b398fbd95c214bc1f209344809557650 xap/mozilla-firefox-68.3.0esr-i686-1.txz Slackware x86_64 -current package: 54fdcfaa0337054003900c366020e39f xap/mozilla-firefox-68.3.0esr-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg mozilla-firefox-68.3.0esr-i686-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Trust: 1.8

sources: NVD: CVE-2019-11745 // VULMON: CVE-2019-11745 // PACKETSTORM: 157044 // PACKETSTORM: 156770 // PACKETSTORM: 155609 // PACKETSTORM: 157345 // PACKETSTORM: 155589 // PACKETSTORM: 156299 // PACKETSTORM: 156704 // PACKETSTORM: 155546 // PACKETSTORM: 155603

AFFECTED PRODUCTS

vendor:siemensmodel:ruggedcom rox mx5000scope:ltversion:2.14.0

Trust: 1.0

vendor:mozillamodel:thunderbirdscope:ltversion:68.3.0

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.6

Trust: 1.0

vendor:mozillamodel:firefoxscope:ltversion:71.0

Trust: 1.0

vendor:siemensmodel:ruggedcom rox rx1500scope:ltversion:2.14.0

Trust: 1.0

vendor:mozillamodel:firefox esrscope:ltversion:68.3

Trust: 1.0

vendor:siemensmodel:ruggedcom rox rx1501scope:ltversion:2.14.0

Trust: 1.0

vendor:siemensmodel:ruggedcom rox rx5000scope:ltversion:2.14.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.10

Trust: 1.0

vendor:siemensmodel:ruggedcom rox rx1400scope:ltversion:2.14.0

Trust: 1.0

vendor:siemensmodel:ruggedcom rox rx1510scope:ltversion:2.14.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:siemensmodel:ruggedcom rox rx1511scope:ltversion:2.14.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:siemensmodel:ruggedcom rox rx1512scope:ltversion:2.14.0

Trust: 1.0

sources: NVD: CVE-2019-11745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11745
value: HIGH

Trust: 1.0

VULMON: CVE-2019-11745
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11745
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2019-11745
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULMON: CVE-2019-11745 // NVD: CVE-2019-11745

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2019-11745

TYPE

arbitrary

Trust: 0.2

sources: PACKETSTORM: 156704 // PACKETSTORM: 155603

PATCH

title:Red Hat: Important: nss security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200243 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nss-softokn security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201461 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nss security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194114 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nss-softokn security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200466 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nss-softokn security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194152 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nss, nss-softokn, nss-util security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194190 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nss-softokn security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201345 - Security Advisory

Trust: 0.1

title:Red Hat: Important: nss-softokn security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201267 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: nss vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-2

Trust: 0.1

title:Ubuntu Security Notice: nss vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-1

Trust: 0.1

title:Debian Security Advisories: DSA-4579-1 nss -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0af759a984821af0886871e7a26a298e

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-11745 log

Trust: 0.1

title:Amazon Linux 2: ALAS2-2020-1379url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1379

Trust: 0.1

title:IBM: Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=74fd642ff4a4659039a762a5a0a24106

Trust: 0.1

title:Amazon Linux 2: ALAS2-2023-1942url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-1942

Trust: 0.1

title:Amazon Linux 2: ALAS2-2020-1384url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1384

Trust: 0.1

title:Amazon Linux AMI: ALAS-2020-1355url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1355

Trust: 0.1

title:Ubuntu Security Notice: firefox vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-1

Trust: 0.1

title:Arch Linux Advisories: [ASA-201912-2] thunderbird: arbitrary code executionurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-2

Trust: 0.1

title:Ubuntu Security Notice: firefox vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-2

Trust: 0.1

title:Ubuntu Security Notice: thunderbird vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4241-1

Trust: 0.1

title:Mozilla: Security Vulnerabilities fixed in - Firefox ESR 68.3url:https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=940e53f5eecee1395e2713b0ed07506b

Trust: 0.1

title:Mozilla: Security Vulnerabilities fixed in - Thunderbird 68.3url:https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=dffa374fab03b4f5b5596346629ccc8c

Trust: 0.1

title:Arch Linux Advisories: [ASA-201912-1] firefox: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-1

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=409c1cd1b8ef401020956950fd839000

Trust: 0.1

title:Mozilla: Security Vulnerabilities fixed in - Firefox 71url:https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=a8e439d387c58595bbdb24cc3bdadd40

Trust: 0.1

title:Ubuntu Security Notice: thunderbird vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4335-1

Trust: 0.1

title: - url:https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

sources: VULMON: CVE-2019-11745

EXTERNAL IDS

db:NVDid:CVE-2019-11745

Trust: 2.0

db:ICS CERTid:ICSA-21-040-04

Trust: 1.1

db:SIEMENSid:SSA-379803

Trust: 1.1

db:VULMONid:CVE-2019-11745

Trust: 0.1

db:PACKETSTORMid:157044

Trust: 0.1

db:PACKETSTORMid:156770

Trust: 0.1

db:PACKETSTORMid:155609

Trust: 0.1

db:PACKETSTORMid:157345

Trust: 0.1

db:PACKETSTORMid:155589

Trust: 0.1

db:PACKETSTORMid:156299

Trust: 0.1

db:PACKETSTORMid:156704

Trust: 0.1

db:PACKETSTORMid:155546

Trust: 0.1

db:PACKETSTORMid:155603

Trust: 0.1

sources: VULMON: CVE-2019-11745 // PACKETSTORM: 157044 // PACKETSTORM: 156770 // PACKETSTORM: 155609 // PACKETSTORM: 157345 // PACKETSTORM: 155589 // PACKETSTORM: 156299 // PACKETSTORM: 156704 // PACKETSTORM: 155546 // PACKETSTORM: 155603 // NVD: CVE-2019-11745

REFERENCES

url:https://www.mozilla.org/security/advisories/mfsa2019-37/

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2020:0243

Trust: 1.2

url:https://access.redhat.com/errata/rhsa-2020:0466

Trust: 1.2

url:https://security.gentoo.org/glsa/202003-02

Trust: 1.2

url:https://security.gentoo.org/glsa/202003-37

Trust: 1.2

url:https://www.mozilla.org/security/advisories/mfsa2019-38/

Trust: 1.1

url:https://www.mozilla.org/security/advisories/mfsa2019-36/

Trust: 1.1

url:https://bugzilla.mozilla.org/show_bug.cgi?id=1586176

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html

Trust: 1.1

url:https://usn.ubuntu.com/4241-1/

Trust: 1.1

url:https://security.gentoo.org/glsa/202003-10

Trust: 1.1

url:https://usn.ubuntu.com/4335-1/

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf

Trust: 1.1

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11745

Trust: 0.9

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-11745

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17008

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17011

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17005

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17012

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-17010

Trust: 0.3

url:https://bugs.gentoo.org.

Trust: 0.2

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.2

url:https://security.gentoo.org/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-6814

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-6798

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17026

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17022

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-6805

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-6800

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17016

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17024

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-6811

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-6812

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://usn.ubuntu.com/4203-2/

Trust: 0.1

url:https://usn.ubuntu.com/4203-1/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1267

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-0495

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-0495

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-11696

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-11695

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-18508

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-11697

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-11698

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2019:4152

Trust: 0.1

url:https://usn.ubuntu.com/4335-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6821

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11761

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6825

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11764

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6822

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/thunderbird/1:68.7.0+build1-0ubuntu0.16.04.2

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6794

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11755

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11759

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6792

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11760

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11763

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2019:4114

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6799

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2020-09/

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2020-03/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17017

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2020-06/

Trust: 0.1

url:https://www.mozilla.org/en-us/security/advisories/mfsa2019-37/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6806

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20503

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6796

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6807

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17010

Trust: 0.1

url:https://www.mozilla.org/security/known-vulnerabilities/firefoxesr.html

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13722

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17008

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17011

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17005

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17009

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11745

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13722

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:https://www.mozilla.org/en-us/firefox/68.3.0/releasenotes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17009

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17012

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/firefox/71.0+build5-0ubuntu0.18.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17014

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/firefox/71.0+build5-0ubuntu0.19.10.1

Trust: 0.1

url:https://usn.ubuntu.com/4216-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/firefox/71.0+build5-0ubuntu0.19.04.1

Trust: 0.1

sources: VULMON: CVE-2019-11745 // PACKETSTORM: 157044 // PACKETSTORM: 156770 // PACKETSTORM: 155609 // PACKETSTORM: 157345 // PACKETSTORM: 155589 // PACKETSTORM: 156299 // PACKETSTORM: 156704 // PACKETSTORM: 155546 // PACKETSTORM: 155603 // NVD: CVE-2019-11745

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 157044 // PACKETSTORM: 155609 // PACKETSTORM: 155589 // PACKETSTORM: 156299

SOURCES

db:VULMONid:CVE-2019-11745
db:PACKETSTORMid:157044
db:PACKETSTORMid:156770
db:PACKETSTORMid:155609
db:PACKETSTORMid:157345
db:PACKETSTORMid:155589
db:PACKETSTORMid:156299
db:PACKETSTORMid:156704
db:PACKETSTORMid:155546
db:PACKETSTORMid:155603
db:NVDid:CVE-2019-11745

LAST UPDATE DATE

2024-12-20T20:40:10.973000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2019-11745date:2021-02-19T00:00:00
db:NVDid:CVE-2019-11745date:2024-11-21T04:21:42.373

SOURCES RELEASE DATE

db:VULMONid:CVE-2019-11745date:2020-01-08T00:00:00
db:PACKETSTORMid:157044date:2020-04-01T15:23:37
db:PACKETSTORMid:156770date:2020-03-16T22:35:27
db:PACKETSTORMid:155609date:2019-12-10T15:49:04
db:PACKETSTORMid:157345date:2020-04-22T15:10:10
db:PACKETSTORMid:155589date:2019-12-09T15:52:48
db:PACKETSTORMid:156299date:2020-02-11T15:56:55
db:PACKETSTORMid:156704date:2020-03-12T20:16:23
db:PACKETSTORMid:155546date:2019-12-04T23:11:46
db:PACKETSTORMid:155603date:2019-12-09T23:42:22
db:NVDid:CVE-2019-11745date:2020-01-08T20:15:12.313