Details of VAR-202001-1433

ID

VAR-202001-1433

CVE

CVE-2019-11745

TITLE

Ubuntu Security Notice USN-4203-2

Trust: 0.1

sources: PACKETSTORM: 155487

DESCRIPTION

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. ========================================================================= Ubuntu Security Notice USN-4203-2 November 27, 2019 nss vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: NSS could be made to crash or run programs if it received specially crafted input. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that NSS incorrectly handled certain memory operations. Background ========== The Mozilla Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: nss-softokn security update Advisory ID: RHSA-2019:4152-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:4152 Issue date: 2019-12-10 CVE Names: CVE-2019-11745 ==================================================================== 1. Summary: An update for nss-softokn is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix(es): * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: nss-softokn-3.44.0-6.el6_10.src.rpm i386: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm x86_64: nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: nss-softokn-3.44.0-6.el6_10.src.rpm x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: nss-softokn-3.44.0-6.el6_10.src.rpm i386: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm ppc64: nss-softokn-3.44.0-6.el6_10.ppc.rpm nss-softokn-3.44.0-6.el6_10.ppc64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.ppc.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.ppc64.rpm nss-softokn-devel-3.44.0-6.el6_10.ppc.rpm nss-softokn-devel-3.44.0-6.el6_10.ppc64.rpm nss-softokn-freebl-3.44.0-6.el6_10.ppc.rpm nss-softokn-freebl-3.44.0-6.el6_10.ppc64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.ppc.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.ppc64.rpm s390x: nss-softokn-3.44.0-6.el6_10.s390.rpm nss-softokn-3.44.0-6.el6_10.s390x.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.s390.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.s390x.rpm nss-softokn-devel-3.44.0-6.el6_10.s390.rpm nss-softokn-devel-3.44.0-6.el6_10.s390x.rpm nss-softokn-freebl-3.44.0-6.el6_10.s390.rpm nss-softokn-freebl-3.44.0-6.el6_10.s390x.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.s390.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.s390x.rpm x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: nss-softokn-3.44.0-6.el6_10.src.rpm i386: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm x86_64: nss-softokn-3.44.0-6.el6_10.i686.rpm nss-softokn-3.44.0-6.el6_10.x86_64.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.i686.rpm nss-softokn-debuginfo-3.44.0-6.el6_10.x86_64.rpm nss-softokn-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-devel-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-3.44.0-6.el6_10.x86_64.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.i686.rpm nss-softokn-freebl-devel-3.44.0-6.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-11745 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXe+MiNzjgjWX9erEAQiepQ/7BesVlTbWtK/e4tqUqQ2WADoCPilxvBo5 lQ/zdsIXw069qAzU/GutaUM3DN7qvxSDCtxOTeQy605jkHYnV1HPjIXxYkug6ETV atrTxcph7BwV5w3sS4D+/N7FvYaGfluSQL65lihS3VNvtiA3excFw3hyaPeI/miM N7+ZHE+kD3vFL2DL6gOMTa/FGfa2w55ka0ODEpL9xCm+vBwVEyNAYVZqzfDQdWwz 5gWlJd7NEJq1qqrNlMuwOrn3YYd2R9VPcrYEvoNRW/Dcf5BNstDmadIPAVcsG1rT Me5PeII3MRIHLEkgYGFNmrxcctWSdC1VIuMsSUdC1lKnqZSpHMq4JjaNfjh3TAtg 2Avl2Jyhm1N56h6OsQo/UX2A7vRdGfgmVlv5jkFBYvjdilLmFQRCzouyJMAXmbZu pUAqowHA9cN3RUYU7so7cU/4AKI3nlsHpH1o1ExICEUclsKn2rnxJquGMxhsVxEv rnv9JKH4IuGKBxt0KTUZRLYsSdHdbrAhlHvanLCi9px7KvqTNIMpblijHLe/1OqD 9mVJjZpCAIJ3et+qPKzfdnjd76UqWbndQlgAwlVN07XODHBLSZkh0iY1nT1Az/WN +wo3O48nWAzPvg2H5jy/+zq7mLI16W0t2mG8rUXHR2Don93Efomtbs7sFDxiiMOP Iowc4iq7Yac=lxBi -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7.4) - x86_64 3. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Firefox: Multiple vulnerabilities Date: March 12, 2020 Bugs: #702638, #705000, #709346, #712182 ID: 202003-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Background ========== Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/firefox < 68.6.0 >= 68.6.0 2 www-client/firefox-bin < 68.6.0 >= 68.6.0 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-68.6.0" All Mozilla Firefox binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.6.0" References ========== [ 1 ] CVE-2019-11745 https://nvd.nist.gov/vuln/detail/CVE-2019-11745 [ 2 ] CVE-2019-17005 https://nvd.nist.gov/vuln/detail/CVE-2019-17005 [ 3 ] CVE-2019-17008 https://nvd.nist.gov/vuln/detail/CVE-2019-17008 [ 4 ] CVE-2019-17010 https://nvd.nist.gov/vuln/detail/CVE-2019-17010 [ 5 ] CVE-2019-17011 https://nvd.nist.gov/vuln/detail/CVE-2019-17011 [ 6 ] CVE-2019-17012 https://nvd.nist.gov/vuln/detail/CVE-2019-17012 [ 7 ] CVE-2019-17016 https://nvd.nist.gov/vuln/detail/CVE-2019-17016 [ 8 ] CVE-2019-17017 https://nvd.nist.gov/vuln/detail/CVE-2019-17017 [ 9 ] CVE-2019-17022 https://nvd.nist.gov/vuln/detail/CVE-2019-17022 [ 10 ] CVE-2019-17024 https://nvd.nist.gov/vuln/detail/CVE-2019-17024 [ 11 ] CVE-2019-17026 https://nvd.nist.gov/vuln/detail/CVE-2019-17026 [ 12 ] CVE-2019-20503 https://nvd.nist.gov/vuln/detail/CVE-2019-20503 [ 13 ] CVE-2020-6796 https://nvd.nist.gov/vuln/detail/CVE-2020-6796 [ 14 ] CVE-2020-6797 https://nvd.nist.gov/vuln/detail/CVE-2020-6797 [ 15 ] CVE-2020-6798 https://nvd.nist.gov/vuln/detail/CVE-2020-6798 [ 16 ] CVE-2020-6799 https://nvd.nist.gov/vuln/detail/CVE-2020-6799 [ 17 ] CVE-2020-6800 https://nvd.nist.gov/vuln/detail/CVE-2020-6800 [ 18 ] CVE-2020-6805 https://nvd.nist.gov/vuln/detail/CVE-2020-6805 [ 19 ] CVE-2020-6806 https://nvd.nist.gov/vuln/detail/CVE-2020-6806 [ 20 ] CVE-2020-6807 https://nvd.nist.gov/vuln/detail/CVE-2020-6807 [ 21 ] CVE-2020-6811 https://nvd.nist.gov/vuln/detail/CVE-2020-6811 [ 22 ] CVE-2020-6812 https://nvd.nist.gov/vuln/detail/CVE-2020-6812 [ 23 ] CVE-2020-6814 https://nvd.nist.gov/vuln/detail/CVE-2020-6814 [ 24 ] MFSA-2019-37 https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/ [ 25 ] MFSA-2020-03 https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/ [ 26 ] MFSA-2020-06 https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/ [ 27 ] MFSA-2020-09 https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/ Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . 8.0) - ppc64le, x86_64 3. For the stable distribution (buster), these problems have been fixed in version 2:3.42.1-1+deb10u2. We recommend that you upgrade your nss packages. For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3qzaYACgkQEMKTtsN8 TjZ7yg//SABSzXoip0pAHIT9lNxDFNL44E27iqRWeurCyfxnQNvNaeShakiTj1Yj sSb2pqo0+gGLsUgtQdKKc8yeOERvuihWRoVDroW7onYG93vpsZ1H8Z7HSEJOGMQl Bt/HcjayCfXrA313/B5SBTiKE/Ks4CvYQvk+BrFwjFEUoYhXzxXwfUIxym1L8+gq jG3Qsh38iOFhrXfXBe2PGaUGU6AVcS/BGTam31s1g54mta4a+obIbvvQu3MGHJLH UTTcVPy7PhK5dofufbJXo1QGqfgdLxsvZAqhcyU1cXBZa7k18Ykts9jKukwoDZV0 hR2jISnOddovQWdPWLqz/ENOTIkY8Ue5/cPIaQ+I9tAL2JOBHBmddP+WeqBxpO8o DpP+4EILROZQ5g+WjLT1Twsje3NJQYx6z7YmXo/0N0ELM+81Sono1wKTgegVBa0F 8eET2FDW45sKFOGV1QTTI5F1mSmgSHiTdtVl/riuzdWrdig8316dByz994dZD+Co TgMiALJWwiVDY6XHHrPwzmvqNoqlcUvNgh4v7tRkTL/YjlHxD+x8R08sRaVo5gqz Z4CyLaP1ByO0X/i4dkuVtD5kIX9GlqLRYkUSnOBhwaoPr7ZgZBCnJfyQixsME1L5 yOg6+j//ncYos+KWeb1upZdUHHB340UmTxbEtECa7jfanMcrtpw= =QZmZ -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2019-11745 // VULMON: CVE-2019-11745 // PACKETSTORM: 155487 // PACKETSTORM: 156770 // PACKETSTORM: 155486 // PACKETSTORM: 155609 // PACKETSTORM: 157142 // PACKETSTORM: 155589 // PACKETSTORM: 156704 // PACKETSTORM: 155989 // PACKETSTORM: 156093 // PACKETSTORM: 155601

AFFECTED PRODUCTS

vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	mozilla	model:	firefox esr	scope:	lt	version:	68.3	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.10	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1400	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1512	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	mozilla	model:	thunderbird	scope:	lt	version:	68.3.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1510	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx5000	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	lt	version:	71.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1500	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1501	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1511	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox mx5000	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	6.6	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0

sources: NVD: CVE-2019-11745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-11745
value:	HIGH
Trust: 1.0
VULMON:	CVE-2019-11745
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-11745
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2019-11745
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2019-11745 // NVD: CVE-2019-11745

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2019-11745

THREAT TYPE

remote

Trust: 0.3

sources: PACKETSTORM: 155487 // PACKETSTORM: 155486 // PACKETSTORM: 155989

TYPE

arbitrary

Trust: 0.4

sources: PACKETSTORM: 155487 // PACKETSTORM: 155486 // PACKETSTORM: 156704 // PACKETSTORM: 155601

PATCH

title:	Red Hat: Important: nss security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200243 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss-softokn security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201461 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194114 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss-softokn security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200466 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss-softokn security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194152 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss, nss-softokn, nss-util security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20194190 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss-softokn security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201345 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: nss-softokn security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201267 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: nss vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-2	Trust: 0.1
title:	Ubuntu Security Notice: nss vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4203-1	Trust: 0.1
title:	Debian Security Advisories: DSA-4579-1 nss -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=0af759a984821af0886871e7a26a298e	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2019-11745 log	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1379	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1379	Trust: 0.1
title:	IBM: Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=74fd642ff4a4659039a762a5a0a24106	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2023-1942	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-1942	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1384	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1384	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2020-1355	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1355	Trust: 0.1
title:	Ubuntu Security Notice: firefox vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-1	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201912-2] thunderbird: arbitrary code execution	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-2	Trust: 0.1
title:	Ubuntu Security Notice: firefox vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4216-2	Trust: 0.1
title:	Ubuntu Security Notice: thunderbird vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4241-1	Trust: 0.1
title:	Mozilla: Security Vulnerabilities fixed in - Firefox ESR 68.3	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=940e53f5eecee1395e2713b0ed07506b	Trust: 0.1
title:	Mozilla: Security Vulnerabilities fixed in - Thunderbird 68.3	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=dffa374fab03b4f5b5596346629ccc8c	Trust: 0.1
title:	Arch Linux Advisories: [ASA-201912-1] firefox: multiple issues	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201912-1	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=409c1cd1b8ef401020956950fd839000	Trust: 0.1
title:	Mozilla: Security Vulnerabilities fixed in - Firefox 71	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=a8e439d387c58595bbdb24cc3bdadd40	Trust: 0.1
title:	Ubuntu Security Notice: thunderbird vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4335-1	Trust: 0.1
title:	-	url:	https://github.com/vincent-deng/veracode-container-security-finding-parser	Trust: 0.1

sources: VULMON: CVE-2019-11745

EXTERNAL IDS

db:	NVD	id:	CVE-2019-11745	Trust: 2.1
db:	ICS CERT	id:	ICSA-21-040-04	Trust: 1.1
db:	SIEMENS	id:	SSA-379803	Trust: 1.1
db:	VULMON	id:	CVE-2019-11745	Trust: 0.1
db:	PACKETSTORM	id:	155487	Trust: 0.1
db:	PACKETSTORM	id:	156770	Trust: 0.1
db:	PACKETSTORM	id:	155486	Trust: 0.1
db:	PACKETSTORM	id:	155609	Trust: 0.1
db:	PACKETSTORM	id:	157142	Trust: 0.1
db:	PACKETSTORM	id:	155589	Trust: 0.1
db:	PACKETSTORM	id:	156704	Trust: 0.1
db:	PACKETSTORM	id:	155989	Trust: 0.1
db:	PACKETSTORM	id:	156093	Trust: 0.1
db:	PACKETSTORM	id:	155601	Trust: 0.1

sources: VULMON: CVE-2019-11745 // PACKETSTORM: 155487 // PACKETSTORM: 156770 // PACKETSTORM: 155486 // PACKETSTORM: 155609 // PACKETSTORM: 157142 // PACKETSTORM: 155589 // PACKETSTORM: 156704 // PACKETSTORM: 155989 // PACKETSTORM: 156093 // PACKETSTORM: 155601 // NVD: CVE-2019-11745

REFERENCES

url:	https://access.redhat.com/errata/rhsa-2020:0243	Trust: 1.3
url:	https://security.gentoo.org/glsa/202003-02	Trust: 1.2
url:	https://security.gentoo.org/glsa/202003-37	Trust: 1.2
url:	https://www.mozilla.org/security/advisories/mfsa2019-38/	Trust: 1.1
url:	https://www.mozilla.org/security/advisories/mfsa2019-37/	Trust: 1.1
url:	https://www.mozilla.org/security/advisories/mfsa2019-36/	Trust: 1.1
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1586176	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html	Trust: 1.1
url:	https://usn.ubuntu.com/4241-1/	Trust: 1.1
url:	https://access.redhat.com/errata/rhsa-2020:0466	Trust: 1.1
url:	https://security.gentoo.org/glsa/202003-10	Trust: 1.1
url:	https://usn.ubuntu.com/4335-1/	Trust: 1.1
url:	https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html	Trust: 1.1
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf	Trust: 1.1
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11745	Trust: 1.0
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-11745	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://usn.ubuntu.com/4203-1	Trust: 0.2
url:	https://bugs.gentoo.org.	Trust: 0.2
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.2
url:	https://security.gentoo.org/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17026	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17022	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17016	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17024	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17011	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17012	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/4203-2/	Trust: 0.1
url:	https://usn.ubuntu.com/4203-1/	Trust: 0.1
url:	https://usn.ubuntu.com/4203-2	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11696	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11695	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18508	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11697	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-11698	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nss/2:3.35-2ubuntu2.5	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nss/2:3.42-1ubuntu2.3	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nss/2:3.45-1ubuntu2.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.8	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2019:4152	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:1345	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0495	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-0495	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2019:4114	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17008	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6814	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6798	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6799	Trust: 0.1
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2020-09/	Trust: 0.1
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2020-03/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6797	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6805	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17017	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6800	Trust: 0.1
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2020-06/	Trust: 0.1
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2019-37/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6806	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17010	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20503	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6796	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6811	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6807	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6812	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17005	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/thunderbird/1:68.4.1+build1-0ubuntu0.18.04.1	Trust: 0.1
url:	https://usn.ubuntu.com/4241-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/thunderbird/1:68.4.1+build1-0ubuntu0.19.10.1	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/nss	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17007	Trust: 0.1

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 155609 // PACKETSTORM: 157142 // PACKETSTORM: 155589 // PACKETSTORM: 156093

SOURCES

db:	VULMON	id:	CVE-2019-11745
db:	PACKETSTORM	id:	155487
db:	PACKETSTORM	id:	156770
db:	PACKETSTORM	id:	155486
db:	PACKETSTORM	id:	155609
db:	PACKETSTORM	id:	157142
db:	PACKETSTORM	id:	155589
db:	PACKETSTORM	id:	156704
db:	PACKETSTORM	id:	155989
db:	PACKETSTORM	id:	156093
db:	PACKETSTORM	id:	155601
db:	NVD	id:	CVE-2019-11745

LAST UPDATE DATE

2024-11-07T20:22:40.439000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-11745	date:	2021-02-19T00:00:00
db:	NVD	id:	CVE-2019-11745	date:	2021-02-19T17:22:17.650

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-11745	date:	2020-01-08T00:00:00
db:	PACKETSTORM	id:	155487	date:	2019-11-28T01:22:40
db:	PACKETSTORM	id:	156770	date:	2020-03-16T22:35:27
db:	PACKETSTORM	id:	155486	date:	2019-11-28T01:22:35
db:	PACKETSTORM	id:	155609	date:	2019-12-10T15:49:04
db:	PACKETSTORM	id:	157142	date:	2020-04-07T16:41:47
db:	PACKETSTORM	id:	155589	date:	2019-12-09T15:52:48
db:	PACKETSTORM	id:	156704	date:	2020-03-12T20:16:23
db:	PACKETSTORM	id:	155989	date:	2020-01-17T16:38:14
db:	PACKETSTORM	id:	156093	date:	2020-01-27T22:53:39
db:	PACKETSTORM	id:	155601	date:	2019-12-09T22:22:22
db:	NVD	id:	CVE-2019-11745	date:	2020-01-08T20:15:12.313