Details of VAR-202010-0251

ID

VAR-202010-0251

CVE

CVE-2019-17006

TITLE

Network Security Services Vulnerability for inadequate validation of data reliability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-016070

DESCRIPTION

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. Network Security Services (NSS) Exists in an inadequate validation of data reliability vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. 7.7) - ppc64, ppc64le, s390x, x86_64 3. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. Description: Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks. Red Hat OpenShift Do openshift/odo-init-image 1.1.3 is a container image that is used as part of the InitContainer setup that provisions odo components. The advisory addresses the following issues: * Re-release of odo-init-image 1.1.3 for security updates 3. Solution: Download and install a new CLI binary by following the instructions linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 1832983 - Release of 1.1.3 odo-init-image 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: nss and nss-softokn security update Advisory ID: RHSA-2021:0876-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0876 Issue date: 2021-03-16 CVE Names: CVE-2019-11756 CVE-2019-17006 CVE-2019-17007 CVE-2020-12403 ==================================================================== 1. Summary: An update for nss and nss-softokn is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix(es): * nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756) * nss: Check length of inputs for cryptographic primitives (CVE-2019-17006) * nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS (CVE-2019-17007) * nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1703979 - CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS 1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting 1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives 1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read 6. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.6): Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm x86_64: nss-3.36.0-9.el7_6.i686.rpm nss-3.36.0-9.el7_6.x86_64.rpm nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-softokn-3.36.0-7.el7_6.i686.rpm nss-softokn-3.36.0-7.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm nss-sysinit-3.36.0-9.el7_6.x86_64.rpm nss-tools-3.36.0-9.el7_6.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6): x86_64: nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-devel-3.36.0-9.el7_6.i686.rpm nss-devel-3.36.0-9.el7_6.x86_64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm nss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.6): Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm ppc64: nss-3.36.0-9.el7_6.ppc.rpm nss-3.36.0-9.el7_6.ppc64.rpm nss-debuginfo-3.36.0-9.el7_6.ppc.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64.rpm nss-devel-3.36.0-9.el7_6.ppc.rpm nss-devel-3.36.0-9.el7_6.ppc64.rpm nss-softokn-3.36.0-7.el7_6.ppc.rpm nss-softokn-3.36.0-7.el7_6.ppc64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64.rpm nss-sysinit-3.36.0-9.el7_6.ppc64.rpm nss-tools-3.36.0-9.el7_6.ppc64.rpm ppc64le: nss-3.36.0-9.el7_6.ppc64le.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-devel-3.36.0-9.el7_6.ppc64le.rpm nss-softokn-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm nss-sysinit-3.36.0-9.el7_6.ppc64le.rpm nss-tools-3.36.0-9.el7_6.ppc64le.rpm s390x: nss-3.36.0-9.el7_6.s390.rpm nss-3.36.0-9.el7_6.s390x.rpm nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-devel-3.36.0-9.el7_6.s390.rpm nss-devel-3.36.0-9.el7_6.s390x.rpm nss-softokn-3.36.0-7.el7_6.s390.rpm nss-softokn-3.36.0-7.el7_6.s390x.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm nss-softokn-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-devel-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm nss-sysinit-3.36.0-9.el7_6.s390x.rpm nss-tools-3.36.0-9.el7_6.s390x.rpm x86_64: nss-3.36.0-9.el7_6.i686.rpm nss-3.36.0-9.el7_6.x86_64.rpm nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-devel-3.36.0-9.el7_6.i686.rpm nss-devel-3.36.0-9.el7_6.x86_64.rpm nss-softokn-3.36.0-7.el7_6.i686.rpm nss-softokn-3.36.0-7.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm nss-sysinit-3.36.0-9.el7_6.x86_64.rpm nss-tools-3.36.0-9.el7_6.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm aarch64: nss-3.36.0-9.el7_6.aarch64.rpm nss-debuginfo-3.36.0-9.el7_6.aarch64.rpm nss-devel-3.36.0-9.el7_6.aarch64.rpm nss-softokn-3.36.0-7.el7_6.aarch64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.aarch64.rpm nss-softokn-devel-3.36.0-7.el7_6.aarch64.rpm nss-softokn-freebl-3.36.0-7.el7_6.aarch64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.aarch64.rpm nss-sysinit-3.36.0-9.el7_6.aarch64.rpm nss-tools-3.36.0-9.el7_6.aarch64.rpm ppc64le: nss-3.36.0-9.el7_6.ppc64le.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-devel-3.36.0-9.el7_6.ppc64le.rpm nss-softokn-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm nss-sysinit-3.36.0-9.el7_6.ppc64le.rpm nss-tools-3.36.0-9.el7_6.ppc64le.rpm s390x: nss-3.36.0-9.el7_6.s390.rpm nss-3.36.0-9.el7_6.s390x.rpm nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-devel-3.36.0-9.el7_6.s390.rpm nss-devel-3.36.0-9.el7_6.s390x.rpm nss-softokn-3.36.0-7.el7_6.s390.rpm nss-softokn-3.36.0-7.el7_6.s390x.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm nss-softokn-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-devel-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm nss-sysinit-3.36.0-9.el7_6.s390x.rpm nss-tools-3.36.0-9.el7_6.s390x.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.6): ppc64: nss-debuginfo-3.36.0-9.el7_6.ppc.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64.rpm ppc64le: nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm s390x: nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm x86_64: nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm nss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: nss-debuginfo-3.36.0-9.el7_6.aarch64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.aarch64.rpm ppc64le: nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm s390x: nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17007 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYFDHndzjgjWX9erEAQhc7BAAkp67Ydt2JQVRfRhv2NUd0sjnWReLTvdP jCz5vIgKz8JIgmz/bc5I1MR8ZCSObdbsUEiv0exapuYneLNru//0dMGL2dv7Fkn5 Em5+ZuvLuDUq9id8TOOd5igNjBeJGKy4dJV46AXtgUHARHbiU5jcmOcCetkBY09J o0bK4wDc6YjvUBANaAQH/sWznAT+BNmtOeF00seAbIgic0m76HidFSQzcq8I+vtm mttqgZvz3+xYitS/63Z4AQofI3VFGX46CHZxekI7N1hIpML7QjiZw4gk8QgdpRWn wLtr661MIse/iS0l+4ZvQoWx5diuVwXudfGmisEXhsWtx79m8JSFNavmxSK9dvJ5 5F6K275OTX2W1GSUgU4IrKxWaLoBPQlC4yT36c4827qosGBjgufGyExgmqnTyQyR iobqDMUHq5RgjNsHNCzrm7CKAgwTUgyuN5QLoXwOsqxPfMt1uL8TI1Q5ULyuPJ+b 8IxbIPGgCZM/haNchD9Xoo1rDieT1JOtQNTfknss91AIQZH30n7i6F6/l8K7GJ16 1sFPnNI7aISjvhu/+jfgNpkoFi6Qyda5a8jSceWpY1yf83/jsxVpKMqgcoTf416z IFzoYxQqa0AM1efVfgtL1vnoAXw8yPt0PjXfcMUYWltIGbgO15L/hJZ6bCUu8FT6 BbaFUBBSJpw=m1vv -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bug Fix(es): * Container-native Virtualization 2.4.2 Images (BZ#1877407) This advisory contains the following OpenShift Virtualization 2.4.2 images: RHEL-7-CNV-2.4 =============kubevirt-ssp-operator-container-v2.4.2-2 RHEL-8-CNV-2.4 =============virt-cdi-controller-container-v2.4.2-1 virt-cdi-apiserver-container-v2.4.2-1 hostpath-provisioner-operator-container-v2.4.2-1 virt-cdi-uploadproxy-container-v2.4.2-1 virt-cdi-cloner-container-v2.4.2-1 virt-cdi-importer-container-v2.4.2-1 kubevirt-template-validator-container-v2.4.2-1 hostpath-provisioner-container-v2.4.2-1 virt-cdi-uploadserver-container-v2.4.2-1 virt-cdi-operator-container-v2.4.2-1 virt-controller-container-v2.4.2-1 kubevirt-cpu-model-nfd-plugin-container-v2.4.2-1 virt-api-container-v2.4.2-1 ovs-cni-marker-container-v2.4.2-1 kubevirt-cpu-node-labeller-container-v2.4.2-1 bridge-marker-container-v2.4.2-1 kubevirt-metrics-collector-container-v2.4.2-1 kubemacpool-container-v2.4.2-1 cluster-network-addons-operator-container-v2.4.2-1 ovs-cni-plugin-container-v2.4.2-1 kubernetes-nmstate-handler-container-v2.4.2-1 cnv-containernetworking-plugins-container-v2.4.2-1 virtio-win-container-v2.4.2-1 virt-handler-container-v2.4.2-1 virt-launcher-container-v2.4.2-1 cnv-must-gather-container-v2.4.2-1 virt-operator-container-v2.4.2-1 vm-import-controller-container-v2.4.2-1 hyperconverged-cluster-operator-container-v2.4.2-1 vm-import-operator-container-v2.4.2-1 kubevirt-vmware-container-v2.4.2-1 kubevirt-v2v-conversion-container-v2.4.2-1 kubevirt-kvm-info-nfd-plugin-container-v2.4.2-1 node-maintenance-operator-container-v2.4.2-1 hco-bundle-registry-container-v2.4.2-15 3. Bugs fixed (https://bugzilla.redhat.com/): 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1869194 - HCO CR display name should contain "OpenShift Virtualization" instead of CNV 1869734 - OpenShift Virtualization does not appear in OperatorHub when filtering to "Disconnected" 1875383 - terminationGracePeriodSeconds should be updated in VMs created from common templates 1877407 - Container-native Virtualization 2.4.2 Images 5. 8) - aarch64, ppc64le, s390x, x86_64 3. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.53.1), nspr (4.25.0). Bug Fix(es): * Install of update of nss.x86_64 adds i686 into transaction (BZ#1663187) * NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1 (BZ#1691409) * TLS Keying Material Exporter is unsupported by command line tools (BZ#1691454) * TLS_AES_256_GCM_SHA384 is not marked as FIPS compatible (BZ#1711375) * Make TLS 1.3 work in FIPS mode (BZ#1724250) * NSS rejects records with large padding with SHA384 HMAC (BZ#1750921) * NSS missing IKEv1 Quick Mode KDF (BZ#1809637) * Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name (BZ#1825270) * FIPS needs nss to restrict valid dh primes to those primes that are approved. (BZ#1854564) * nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1855825) Enhancement(s): * [RFE] nss should use AES for storage of keys (BZ#1723819) 4. Bugs fixed (https://bugzilla.redhat.com/): 1663187 - Install of update of nss.x86_64 adds i686 into transaction 1691454 - TLS Keying Material Exporter is unsupported by command line tools 1711375 - TLS_AES_256_GCM_SHA384 is not marked as FIPS compatible 1724250 - Make TLS 1.3 work in FIPS mode [rhel-8] 1750921 - NSS rejects records with large padding with SHA384 HMAC 1774835 - CVE-2019-11756 nss: UAF in sftk_FreeSession due to improper refcounting 1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives 1791225 - CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state 1809637 - NSS missing IKEv1 Quick Mode KDF 1825270 - Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name 1826231 - CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation 1854564 - FIPS needs nss to restrict valid dh primes to those primes that are approved. [rhel-8.2.0.z] 6

Trust: 2.43

sources: NVD: CVE-2019-17006 // JVNDB: JVNDB-2019-016070 // VULMON: CVE-2019-17006 // PACKETSTORM: 162026 // PACKETSTORM: 161727 // PACKETSTORM: 159553 // PACKETSTORM: 161916 // PACKETSTORM: 161842 // PACKETSTORM: 159497 // PACKETSTORM: 158724 // PACKETSTORM: 159552

AFFECTED PRODUCTS

vendor:	siemens	model:	ruggedcom rox mx5000	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx5000	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1500	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1501	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	netapp	model:	hci management node	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1400	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1510	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	netapp	model:	solidfire	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	hci compute node	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1511	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	lt	version:	3.46	Trust: 1.0
vendor:	netapp	model:	hci storage node	scope:	eq	version:	-	Trust: 1.0
vendor:	siemens	model:	ruggedcom rox rx1512	scope:	lt	version:	2.14.0	Trust: 1.0
vendor:	mozilla	model:	network security services	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	hci management node	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	solidfire	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	hci compute node	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	hci storage node	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rox mx5000	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rox rx1400	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rox rx1500	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rox rx1501	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rox rx1510	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rox rx1511	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rox rx1512	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	ruggedcom rox rx5000	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-016070 // NVD: CVE-2019-17006

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-17006
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-17006
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201912-1134
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2019-17006
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-17006
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2019-17006
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-17006
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2019-17006 // CNNVD: CNNVD-201912-1134 // JVNDB: JVNDB-2019-016070 // NVD: CVE-2019-17006

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-20	Trust: 1.0
problemtype:	Inadequate verification of data reliability (CWE-345) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2019-016070 // NVD: CVE-2019-17006

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-1134

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201912-1134

PATCH

title:	NTAP-20210129-0001 Siemens Siemens Security Advisory	url:	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes	Trust: 0.8
title:	Mozilla Network Security Services Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105845	Trust: 0.6
title:	Ubuntu Security Notice: nss vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4231-1	Trust: 0.1
title:	Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203280 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: A security vulnerabilitiy has been fixed in IBM Security Identity Manager Virtual Appliance(CVE-2019-17006)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=a91447c5697ecfb6bbab6f4cf67cb949	Trust: 0.1
title:	Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204076 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4726-1 nss -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=2610caa3eacc40f97585be7c579718bd	Trust: 0.1
title:	Red Hat: Low: OpenShift Virtualization 2.4.2 Images	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204201 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=52844442ae85845bde006e7f0170408e	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204255 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204254 - Security Advisory	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=409c1cd1b8ef401020956950fd839000	Trust: 0.1
title:	Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204264 - Security Advisory	Trust: 0.1
title:	zot	url:	https://github.com/anuvu/zot	Trust: 0.1

sources: VULMON: CVE-2019-17006 // CNNVD: CNNVD-201912-1134 // JVNDB: JVNDB-2019-016070

EXTERNAL IDS

db:	NVD	id:	CVE-2019-17006	Trust: 3.3
db:	ICS CERT	id:	ICSA-21-040-04	Trust: 2.5
db:	SIEMENS	id:	SSA-379803	Trust: 1.7
db:	JVNDB	id:	JVNDB-2019-016070	Trust: 0.8
db:	PACKETSTORM	id:	162026	Trust: 0.7
db:	PACKETSTORM	id:	159553	Trust: 0.7
db:	PACKETSTORM	id:	161916	Trust: 0.7
db:	PACKETSTORM	id:	161842	Trust: 0.7
db:	PACKETSTORM	id:	159497	Trust: 0.7
db:	PACKETSTORM	id:	158724	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.0491	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3355	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3535	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2604	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2650	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0072	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0933	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3461	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1193	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0053	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0834	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2446	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0986	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0136	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0001	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3631	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1091	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1207	Trust: 0.6
db:	PACKETSTORM	id:	162130	Trust: 0.6
db:	PACKETSTORM	id:	159396	Trust: 0.6
db:	PACKETSTORM	id:	161706	Trust: 0.6
db:	PACKETSTORM	id:	162142	Trust: 0.6
db:	PACKETSTORM	id:	159661	Trust: 0.6
db:	PACKETSTORM	id:	155889	Trust: 0.6
db:	CS-HELP	id:	SB2021071301	Trust: 0.6
db:	CS-HELP	id:	SB2021043017	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-1134	Trust: 0.6
db:	VULMON	id:	CVE-2019-17006	Trust: 0.1
db:	PACKETSTORM	id:	161727	Trust: 0.1
db:	PACKETSTORM	id:	159552	Trust: 0.1

sources: VULMON: CVE-2019-17006 // PACKETSTORM: 162026 // PACKETSTORM: 161727 // PACKETSTORM: 159553 // PACKETSTORM: 161916 // PACKETSTORM: 161842 // PACKETSTORM: 159497 // PACKETSTORM: 158724 // PACKETSTORM: 159552 // CNNVD: CNNVD-201912-1134 // JVNDB: JVNDB-2019-016070 // NVD: CVE-2019-17006

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17006	Trust: 2.2
url:	https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.46_release_notes	Trust: 1.7
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1539788	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20210129-0001/	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf	Trust: 1.7
url:	https://access.redhat.com/security/cve/cve-2019-17006	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11756	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2019-11756	Trust: 0.8
url:	https://bugzilla.redhat.com/):	Trust: 0.8
url:	https://access.redhat.com/security/team/contact/	Trust: 0.8
url:	https://usn.ubuntu.com/4231-1/	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-12403	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-17023	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17023	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-12402	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20193395-1.html	Trust: 0.6
url:	https://www.debian.org/lts/security/2020/dla-2058	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2020/suse-su-20200088-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3535/	Trust: 0.6
url:	https://packetstormsecurity.com/files/155889/ubuntu-security-notice-usn-4231-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159396/red-hat-security-advisory-2020-4076-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0072/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0136/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1207	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0834	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0933	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilitiy-has-been-fixed-in-ibm-security-identity-manager-virtual-appliancecve-2019-17006/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-and-nspr-cve-2019-17006/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3355/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1091	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1193	Trust: 0.6
url:	https://packetstormsecurity.com/files/159497/red-hat-security-advisory-2020-4201-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-7/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0986	Trust: 0.6
url:	https://vigilance.fr/vulnerability/mozilla-nss-buffer-overflow-via-cryptographic-primitives-31248	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0053/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071301	Trust: 0.6
url:	https://packetstormsecurity.com/files/158724/red-hat-security-advisory-2020-3280-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2650/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0001/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2604	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0491	Trust: 0.6
url:	https://packetstormsecurity.com/files/161706/red-hat-security-advisory-2021-0758-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2446/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159661/red-hat-security-advisory-2020-4264-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021043017	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403-2/	Trust: 0.6
url:	https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/161842/red-hat-security-advisory-2021-0876-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3461/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3631/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-mozilla-firefox-vulnerabilities/	Trust: 0.6
url:	https://packetstormsecurity.com/files/162026/red-hat-security-advisory-2021-1026-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.5
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12403	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-12749	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-12401	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12402	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14866	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-11719	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12749	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-6829	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-14866	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12400	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-12243	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-12400	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-11727	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12243	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11719	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11727	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-17498	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17498	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.4
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5188	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-14365	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5094	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-5188	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-5094	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-20907	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1971	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12401	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-8177	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-1971	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20907	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2017-12652	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-19126	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1240	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20386	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-18874	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12450	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17546	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14973	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-17546	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14822	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12652	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14822	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20386	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18874	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-16935	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19126	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-5482	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16935	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14973	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5482	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-5313	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-12450	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/345.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111311	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1026	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11023	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20228	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20253	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11023	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0778	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11022	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12723	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20191	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20180	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20178	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5766	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11022	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35678	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4255	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0949	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8177	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.4/cli_reference/openshift_developer_cli/installing-odo.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7595	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6829	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0876	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17007	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17007	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15586	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14352	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14352	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-16845	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-16845	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4201	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15586	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14365	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12825	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12825	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3280	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4254	Trust: 0.1

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 162026 // PACKETSTORM: 161727 // PACKETSTORM: 159553 // PACKETSTORM: 161916 // PACKETSTORM: 161842 // PACKETSTORM: 159497 // PACKETSTORM: 158724 // PACKETSTORM: 159552

SOURCES

db:	VULMON	id:	CVE-2019-17006
db:	PACKETSTORM	id:	162026
db:	PACKETSTORM	id:	161727
db:	PACKETSTORM	id:	159553
db:	PACKETSTORM	id:	161916
db:	PACKETSTORM	id:	161842
db:	PACKETSTORM	id:	159497
db:	PACKETSTORM	id:	158724
db:	PACKETSTORM	id:	159552
db:	CNNVD	id:	CNNVD-201912-1134
db:	JVNDB	id:	JVNDB-2019-016070
db:	NVD	id:	CVE-2019-17006

LAST UPDATE DATE

2026-04-18T21:29:55.935000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-17006	date:	2021-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201912-1134	date:	2021-08-04T00:00:00
db:	JVNDB	id:	JVNDB-2019-016070	date:	2021-05-12T08:27:00
db:	NVD	id:	CVE-2019-17006	date:	2024-11-21T04:31:31.573

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-17006	date:	2020-10-22T00:00:00
db:	PACKETSTORM	id:	162026	date:	2021-03-30T14:29:43
db:	PACKETSTORM	id:	161727	date:	2021-03-09T16:25:11
db:	PACKETSTORM	id:	159553	date:	2020-10-14T16:52:18
db:	PACKETSTORM	id:	161916	date:	2021-03-22T15:36:55
db:	PACKETSTORM	id:	161842	date:	2021-03-17T14:35:53
db:	PACKETSTORM	id:	159497	date:	2020-10-07T16:06:29
db:	PACKETSTORM	id:	158724	date:	2020-08-03T17:14:53
db:	PACKETSTORM	id:	159552	date:	2020-10-14T16:52:12
db:	CNNVD	id:	CNNVD-201912-1134	date:	2019-12-26T00:00:00
db:	JVNDB	id:	JVNDB-2019-016070	date:	2021-05-12T00:00:00
db:	NVD	id:	CVE-2019-17006	date:	2020-10-22T21:15:12.560