var-201902-0855
Vulnerability from variot
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. libpng Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. 7) - aarch64, ppc64le
- Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Software Description: - libpng1.6: PNG (Portable Network Graphics) file library
Details:
It was discovered that libpng incorrectly handled certain memory operations. ========================================================================== Ubuntu Security Notice USN-3991-2 June 06, 2019
firefox regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-3991-1 caused a regression in Firefox. The update caused a regression which resulted in issues when upgrading between Ubuntu releases. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, trick the user in to launching local executable binaries, obtain sensitive information, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701, CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-9821)
It was discovered that pressing certain key combinations could bypass addon installation prompt delays. If a user opened a specially crafted website, an attacker could potentially exploit this to trick them in to installing a malicious extension. (CVE-2019-11697)
It was discovered that history data could be exposed via drag and drop of hyperlinks to and from bookmarks. If a user were tricked in to dragging a specially crafted hyperlink to the bookmark toolbar or sidebar, and subsequently back in to the web content area, an attacker could potentially exploit this to obtain sensitive information. (CVE-2019-11698)
A type confusion bug was discovered with object groups and UnboxedObjects. If a user were tricked in to opening a specially crafted website after enabling the UnboxedObjects feature, an attacker could potentially exploit this to bypass security checks. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Description:
IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.
Security Fix(es):
-
IBM JDK: Failure to privatize a value pulled out of the loop by versioning (CVE-2019-11775)
-
OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)
-
OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)
-
OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)
-
libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1730056 - CVE-2019-2769 OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) 1730099 - CVE-2019-2816 OpenJDK: Missing URL format validation (Networking, 8221518) 1730415 - CVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) 1738549 - CVE-2019-11775 IBM JDK: Failure to privatize a value pulled out of the loop by versioning
For the stable distribution (stretch), these problems have been fixed in version 1:60.7.0-1~deb9u1.
For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzoWm4ACgkQEMKTtsN8 TjbzCxAAkzMt+0SOM3NCOQ6tLLP1EWDUnRiBvTwq6JfJYRvngfSc2A2oHKLtDPF7 8NNdpvzNyXZUo1ARTMmoK/5slDalTvUF6+11mydrHw2oIasIOuiaxN1N9mRk2nIN 7LF/cZZyu/ghjuoCV10F5BRropCRxGcZUBM1fTmz9RO7YFOvHmn6s+PmJCag6XWy Iuq3JIP6hNYPTi+UBCU7oaMQD0P9Z1x3QCs/kraYps3dUxH7/o8Kw5Yqa91TsTn9 KiQPoeTTHfwk3n4NKCgczpPW2OZQZncowa9dg9LFd6N0uGOgoy3bCIjR/xYk7fan VaxbkNX613KHDjZauUCit0MrvlXBxOi4S0jAY5tU5uCvM7EtNat6IozZyxfVcW+/ gGt6a+IUXAGD9Y5IjIklsDMm2aM2Wxx8B+Es4TUw1ihddKrtiQx6e1cYOPUSlsYH 7wgKKrIjwnQJ0B41pTqTKngDaFR9WGnQ2+Mix8OIrDKx7rilNtLnuhRvQ52ZAIoV 5qtzrm4WfuG0OJi5Sql4O7euTbQgnuPWqp448WiRMYtR9mSVMDUOxpG79Fx0R/Hi TBmSmzMxMPKcFdc0nqELSCi3YArxtsUUjSOrilji60VSwiLItxNZsPPzs94zYirV +BXY7WOtP26CgkaGhBoUDfU1JL8mwP5+UkHpmgoJbtADT2lBH/o= =uTpA -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Critical: firefox security update Advisory ID: RHSA-2019:1267-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1267 Issue date: 2019-05-23 CVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317 CVE-2019-9797 CVE-2019-9800 CVE-2019-9816 CVE-2019-9817 CVE-2019-9819 CVE-2019-9820 CVE-2019-11691 CVE-2019-11692 CVE-2019-11693 CVE-2019-11698 ==================================================================== 1. Summary:
An update for firefox is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
- Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 60.7.0 ESR.
Security Fix(es):
-
Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)
-
Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)
-
Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)
-
Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)
-
Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)
-
Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)
-
Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)
-
Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)
-
Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)
-
mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)
-
chromium-browser: Out of bounds read in Skia (CVE-2019-5798)
-
Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)
-
libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Firefox must be restarted for the changes to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext 1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia 1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest 1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager 1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux 1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks 1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap 1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 1712625 - CVE-2019-9816 Mozilla: Type confusion with object groups and UnboxedObjects 1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas 1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API 1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: firefox-60.7.0-1.el6_10.src.rpm
i386: firefox-60.7.0-1.el6_10.i686.rpm firefox-debuginfo-60.7.0-1.el6_10.i686.rpm
x86_64: firefox-60.7.0-1.el6_10.x86_64.rpm firefox-debuginfo-60.7.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
x86_64: firefox-60.7.0-1.el6_10.i686.rpm firefox-debuginfo-60.7.0-1.el6_10.i686.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: firefox-60.7.0-1.el6_10.src.rpm
x86_64: firefox-60.7.0-1.el6_10.i686.rpm firefox-60.7.0-1.el6_10.x86_64.rpm firefox-debuginfo-60.7.0-1.el6_10.i686.rpm firefox-debuginfo-60.7.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: firefox-60.7.0-1.el6_10.src.rpm
i386: firefox-60.7.0-1.el6_10.i686.rpm firefox-debuginfo-60.7.0-1.el6_10.i686.rpm
ppc64: firefox-60.7.0-1.el6_10.ppc64.rpm firefox-debuginfo-60.7.0-1.el6_10.ppc64.rpm
s390x: firefox-60.7.0-1.el6_10.s390x.rpm firefox-debuginfo-60.7.0-1.el6_10.s390x.rpm
x86_64: firefox-60.7.0-1.el6_10.x86_64.rpm firefox-debuginfo-60.7.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
x86_64: firefox-60.7.0-1.el6_10.i686.rpm firefox-debuginfo-60.7.0-1.el6_10.i686.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: firefox-60.7.0-1.el6_10.src.rpm
i386: firefox-60.7.0-1.el6_10.i686.rpm firefox-debuginfo-60.7.0-1.el6_10.i686.rpm
x86_64: firefox-60.7.0-1.el6_10.x86_64.rpm firefox-debuginfo-60.7.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
x86_64: firefox-60.7.0-1.el6_10.i686.rpm firefox-debuginfo-60.7.0-1.el6_10.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-18511 https://access.redhat.com/security/cve/CVE-2019-5798 https://access.redhat.com/security/cve/CVE-2019-7317 https://access.redhat.com/security/cve/CVE-2019-9797 https://access.redhat.com/security/cve/CVE-2019-9800 https://access.redhat.com/security/cve/CVE-2019-9816 https://access.redhat.com/security/cve/CVE-2019-9817 https://access.redhat.com/security/cve/CVE-2019-9819 https://access.redhat.com/security/cve/CVE-2019-9820 https://access.redhat.com/security/cve/CVE-2019-11691 https://access.redhat.com/security/cve/CVE-2019-11692 https://access.redhat.com/security/cve/CVE-2019-11693 https://access.redhat.com/security/cve/CVE-2019-11698 https://access.redhat.com/security/updates/classification/#critical https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXObA+NzjgjWX9erEAQhdLg//Y2Qy3oBF2JXo0FDIAlvxGC0bBSZ5kIpr 2aZqeaEIQDfHbm2mNa5fGidU+zFgvwuAxmCjrURuGYx0GAtje4XH+oEa09Ri5VQS Wdm2faaOLj36IsIawC8RUQLzm8jIlZiYyeEKGFZj/PY8oFRcTBoebqqyTUAin+oC cCXcGcckGLouKi5rj9Q1pUcCzjnVDAUmMb00dF+8KbTUGHnMwMYF43ogBggN0ril ePFEsAZQ5tcapBQ7nqBkUJNsMMuKoVRcLyI+DUdEPOsetEhaOzMmWBkMtEV1VAN1 RaGzw6Xp34jVHhhqMznhFNZ/rkLVfr5hRwwTkeA9a8uq6kEW1LdhfIch62iWb00H AgSrwURUfOuPUKO6lHqg1FJEtIxqfY3GlpSCxhSWwZ/tUpmQcGuYK97zIl4lw5m4 i5dxQKxnVk+U116iU7kl3M8YKsK+HG2dFxjEFNdvnsnM+KBHurM5ANpo/AwP3E5i EKj4gL2USYekfUykbWk5gERbj/Rn8hdChgBFDGL7h7BevTw+jGXxctXDqw6n0BR+ yDJV98Vl44mkdrTnYvrIcFQTtNVMNkoS3ZbGq+tR/8ZZIwo28+qXnor1KTUBchJ/ HC8+r9xE+SZy2fxxI9esbwVkSsN5TaxOFFzf4uYDy/dQExCULJbQSsyGyvxdz0b8 74xrhCg7IBo=PKHG -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0855",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "package hub",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "satellite",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "5.8"
},
{
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "hyperion infrastructure technology",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.2.6.0"
},
{
"model": "xp7 command view advanced edition suite",
"scope": "lt",
"trust": 1.0,
"vendor": "hpe",
"version": "8.7.0-00"
},
{
"model": "snapmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "3.4.2"
},
{
"model": "java se",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8u212"
},
{
"model": "active iq unified manager",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "9.6"
},
{
"model": "e-series santricity storage manager",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "11.53"
},
{
"model": "libpng",
"scope": "lt",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.37"
},
{
"model": "e-series santricity management",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "steelstore",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "libpng",
"scope": "gte",
"trust": 1.0,
"vendor": "libpng",
"version": "1.6.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "oncommand insight",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "7.3.9"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "mysql",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.1"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "9.6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "oncommand workflow automation",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "5.1"
},
{
"model": "jdk",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.0.3"
},
{
"model": "firefox",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": null
},
{
"model": "e-series santricity web services",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "4.0"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "snapmanager",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "3.4.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "e-series santricity unified manager",
"scope": "lt",
"trust": 1.0,
"vendor": "netapp",
"version": "3.2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"model": "java se",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7u221"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "plug-in for symantec netbackup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "xp7 command view",
"scope": "lt",
"trust": 1.0,
"vendor": "hp",
"version": "8.7.0-00"
},
{
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ucosminexus client",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "\u65e5\u7acb\u30a2\u30c9\u30d0\u30f3\u30b9\u30c8\u30b5\u30fc\u30d0 ha8000v \u30b7\u30ea\u30fc\u30ba",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi infrastructure analytics advisor",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus application server",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi replication manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "ucosminexus developer",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi global link manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi tiered storage manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi dynamic link manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi compute systems manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "cosminexus developer\u0027s kit for java",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi tuning manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "libpng",
"scope": null,
"trust": 0.8,
"vendor": "png group",
"version": null
},
{
"model": "hitachi device manager",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
},
{
"model": "hitachi automation director",
"scope": null,
"trust": 0.8,
"vendor": "\u65e5\u7acb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "153157"
},
{
"db": "PACKETSTORM",
"id": "154457"
},
{
"db": "PACKETSTORM",
"id": "154068"
},
{
"db": "PACKETSTORM",
"id": "154282"
},
{
"db": "PACKETSTORM",
"id": "153065"
}
],
"trust": 0.5
},
"cve": "CVE-2019-7317",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CVE-2019-7317",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.6,
"id": "CVE-2019-7317",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-7317",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-7317",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-7317",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULMON",
"id": "CVE-2019-7317",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. libpng Exists in a vulnerability related to the use of freed memory.Service operation interruption (DoS) It may be in a state. 7) - aarch64, ppc64le\n\n3. Description:\n\nMozilla Thunderbird is a standalone mail and newsgroup client. \n\nSoftware Description:\n- libpng1.6: PNG (Portable Network Graphics) file library\n\nDetails:\n\nIt was discovered that libpng incorrectly handled certain memory\noperations. ==========================================================================\nUbuntu Security Notice USN-3991-2\nJune 06, 2019\n\nfirefox regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nUSN-3991-1 caused a regression in Firefox. The update caused a\nregression which resulted in issues when upgrading between Ubuntu\nreleases. This update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n Multiple security issues were discovered in Firefox. If a user were\n tricked in to opening a specially crafted website, an attacker could\n potentially exploit these to cause a denial of service, spoof the browser\n UI, trick the user in to launching local executable binaries, obtain\n sensitive information, conduct cross-site scripting (XSS) attacks, or\n execute arbitrary code. (CVE-2019-11691, CVE-2019-11692, CVE-2019-11693,\n CVE-2019-11695, CVE-2019-11696, CVE-2019-11699, CVE-2019-11701,\n CVE-2019-7317, CVE-2019-9800, CVE-2019-9814, CVE-2019-9817, CVE-2019-9819,\n CVE-2019-9820, CVE-2019-9821)\n \n It was discovered that pressing certain key combinations could bypass\n addon installation prompt delays. If a user opened a specially crafted\n website, an attacker could potentially exploit this to trick them in to\n installing a malicious extension. (CVE-2019-11697)\n \n It was discovered that history data could be exposed via drag and drop\n of hyperlinks to and from bookmarks. If a user were tricked in to dragging\n a specially crafted hyperlink to the bookmark toolbar or sidebar, and\n subsequently back in to the web content area, an attacker could\n potentially exploit this to obtain sensitive information. (CVE-2019-11698)\n \n A type confusion bug was discovered with object groups and UnboxedObjects. \n If a user were tricked in to opening a specially crafted website after\n enabling the UnboxedObjects feature, an attacker could potentially\n exploit this to bypass security checks. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Description:\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment\nand the IBM Java Software Development Kit. \n\nSecurity Fix(es):\n\n* IBM JDK: Failure to privatize a value pulled out of the loop by\nversioning (CVE-2019-11775)\n\n* OpenJDK: Insufficient checks of suppressed exceptions in deserialization\n(Utilities, 8212328) (CVE-2019-2762)\n\n* OpenJDK: Unbounded memory allocation during deserialization in\nCollections (Utilities, 8213432) (CVE-2019-2769)\n\n* OpenJDK: Missing URL format validation (Networking, 8221518)\n(CVE-2019-2816)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c\n1730056 - CVE-2019-2769 OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432)\n1730099 - CVE-2019-2816 OpenJDK: Missing URL format validation (Networking, 8221518)\n1730415 - CVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328)\n1738549 - CVE-2019-11775 IBM JDK: Failure to privatize a value pulled out of the loop by versioning\n\n6. \n\t\t\t\t \nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:60.7.0-1~deb9u1. \n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzoWm4ACgkQEMKTtsN8\nTjbzCxAAkzMt+0SOM3NCOQ6tLLP1EWDUnRiBvTwq6JfJYRvngfSc2A2oHKLtDPF7\n8NNdpvzNyXZUo1ARTMmoK/5slDalTvUF6+11mydrHw2oIasIOuiaxN1N9mRk2nIN\n7LF/cZZyu/ghjuoCV10F5BRropCRxGcZUBM1fTmz9RO7YFOvHmn6s+PmJCag6XWy\nIuq3JIP6hNYPTi+UBCU7oaMQD0P9Z1x3QCs/kraYps3dUxH7/o8Kw5Yqa91TsTn9\nKiQPoeTTHfwk3n4NKCgczpPW2OZQZncowa9dg9LFd6N0uGOgoy3bCIjR/xYk7fan\nVaxbkNX613KHDjZauUCit0MrvlXBxOi4S0jAY5tU5uCvM7EtNat6IozZyxfVcW+/\ngGt6a+IUXAGD9Y5IjIklsDMm2aM2Wxx8B+Es4TUw1ihddKrtiQx6e1cYOPUSlsYH\n7wgKKrIjwnQJ0B41pTqTKngDaFR9WGnQ2+Mix8OIrDKx7rilNtLnuhRvQ52ZAIoV\n5qtzrm4WfuG0OJi5Sql4O7euTbQgnuPWqp448WiRMYtR9mSVMDUOxpG79Fx0R/Hi\nTBmSmzMxMPKcFdc0nqELSCi3YArxtsUUjSOrilji60VSwiLItxNZsPPzs94zYirV\n+BXY7WOtP26CgkaGhBoUDfU1JL8mwP5+UkHpmgoJbtADT2lBH/o=\n=uTpA\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Critical: firefox security update\nAdvisory ID: RHSA-2019:1267-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:1267\nIssue date: 2019-05-23\nCVE Names: CVE-2018-18511 CVE-2019-5798 CVE-2019-7317\n CVE-2019-9797 CVE-2019-9800 CVE-2019-9816\n CVE-2019-9817 CVE-2019-9819 CVE-2019-9820\n CVE-2019-11691 CVE-2019-11692 CVE-2019-11693\n CVE-2019-11698\n====================================================================\n1. Summary:\n\nAn update for firefox is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - x86_64\n\n3. Description:\n\nMozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability. \n\nThis update upgrades Firefox to version 60.7.0 ESR. \n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n(CVE-2019-9800)\n\n* Mozilla: Cross-origin theft of images with createImageBitmap\n(CVE-2019-9797)\n\n* Mozilla: Type confusion with object groups and UnboxedObjects\n(CVE-2019-9816)\n\n* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)\n\n* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)\n\n* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)\n\n* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)\n\n* Mozilla: Use-after-free removing listeners in the event listener manager\n(CVE-2019-11692)\n\n* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)\n\n* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext\n(CVE-2018-18511)\n\n* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)\n\n* Mozilla: Theft of user history data through drag and drop of hyperlinks\nto and from bookmarks (CVE-2019-11698)\n\n* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to\ntake effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c\n1676997 - CVE-2018-18511 mozilla: Cross-origin theft of images with ImageBitmapRenderingContext\n1688200 - CVE-2019-5798 chromium-browser: Out of bounds read in Skia\n1712617 - CVE-2019-11691 Mozilla: Use-after-free in XMLHttpRequest\n1712618 - CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager\n1712619 - CVE-2019-11693 Mozilla: Buffer overflow in WebGL bufferdata on Linux\n1712621 - CVE-2019-11698 Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks\n1712622 - CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap\n1712623 - CVE-2019-9800 Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7\n1712625 - CVE-2019-9816 Mozilla: Type confusion with object groups and UnboxedObjects\n1712626 - CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas\n1712628 - CVE-2019-9819 Mozilla: Compartment mismatch with fetch API\n1712629 - CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nfirefox-60.7.0-1.el6_10.src.rpm\n\ni386:\nfirefox-60.7.0-1.el6_10.i686.rpm\nfirefox-debuginfo-60.7.0-1.el6_10.i686.rpm\n\nx86_64:\nfirefox-60.7.0-1.el6_10.x86_64.rpm\nfirefox-debuginfo-60.7.0-1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nx86_64:\nfirefox-60.7.0-1.el6_10.i686.rpm\nfirefox-debuginfo-60.7.0-1.el6_10.i686.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nfirefox-60.7.0-1.el6_10.src.rpm\n\nx86_64:\nfirefox-60.7.0-1.el6_10.i686.rpm\nfirefox-60.7.0-1.el6_10.x86_64.rpm\nfirefox-debuginfo-60.7.0-1.el6_10.i686.rpm\nfirefox-debuginfo-60.7.0-1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nfirefox-60.7.0-1.el6_10.src.rpm\n\ni386:\nfirefox-60.7.0-1.el6_10.i686.rpm\nfirefox-debuginfo-60.7.0-1.el6_10.i686.rpm\n\nppc64:\nfirefox-60.7.0-1.el6_10.ppc64.rpm\nfirefox-debuginfo-60.7.0-1.el6_10.ppc64.rpm\n\ns390x:\nfirefox-60.7.0-1.el6_10.s390x.rpm\nfirefox-debuginfo-60.7.0-1.el6_10.s390x.rpm\n\nx86_64:\nfirefox-60.7.0-1.el6_10.x86_64.rpm\nfirefox-debuginfo-60.7.0-1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nx86_64:\nfirefox-60.7.0-1.el6_10.i686.rpm\nfirefox-debuginfo-60.7.0-1.el6_10.i686.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nfirefox-60.7.0-1.el6_10.src.rpm\n\ni386:\nfirefox-60.7.0-1.el6_10.i686.rpm\nfirefox-debuginfo-60.7.0-1.el6_10.i686.rpm\n\nx86_64:\nfirefox-60.7.0-1.el6_10.x86_64.rpm\nfirefox-debuginfo-60.7.0-1.el6_10.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nx86_64:\nfirefox-60.7.0-1.el6_10.i686.rpm\nfirefox-debuginfo-60.7.0-1.el6_10.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-18511\nhttps://access.redhat.com/security/cve/CVE-2019-5798\nhttps://access.redhat.com/security/cve/CVE-2019-7317\nhttps://access.redhat.com/security/cve/CVE-2019-9797\nhttps://access.redhat.com/security/cve/CVE-2019-9800\nhttps://access.redhat.com/security/cve/CVE-2019-9816\nhttps://access.redhat.com/security/cve/CVE-2019-9817\nhttps://access.redhat.com/security/cve/CVE-2019-9819\nhttps://access.redhat.com/security/cve/CVE-2019-9820\nhttps://access.redhat.com/security/cve/CVE-2019-11691\nhttps://access.redhat.com/security/cve/CVE-2019-11692\nhttps://access.redhat.com/security/cve/CVE-2019-11693\nhttps://access.redhat.com/security/cve/CVE-2019-11698\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-14/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXObA+NzjgjWX9erEAQhdLg//Y2Qy3oBF2JXo0FDIAlvxGC0bBSZ5kIpr\n2aZqeaEIQDfHbm2mNa5fGidU+zFgvwuAxmCjrURuGYx0GAtje4XH+oEa09Ri5VQS\nWdm2faaOLj36IsIawC8RUQLzm8jIlZiYyeEKGFZj/PY8oFRcTBoebqqyTUAin+oC\ncCXcGcckGLouKi5rj9Q1pUcCzjnVDAUmMb00dF+8KbTUGHnMwMYF43ogBggN0ril\nePFEsAZQ5tcapBQ7nqBkUJNsMMuKoVRcLyI+DUdEPOsetEhaOzMmWBkMtEV1VAN1\nRaGzw6Xp34jVHhhqMznhFNZ/rkLVfr5hRwwTkeA9a8uq6kEW1LdhfIch62iWb00H\nAgSrwURUfOuPUKO6lHqg1FJEtIxqfY3GlpSCxhSWwZ/tUpmQcGuYK97zIl4lw5m4\ni5dxQKxnVk+U116iU7kl3M8YKsK+HG2dFxjEFNdvnsnM+KBHurM5ANpo/AwP3E5i\nEKj4gL2USYekfUykbWk5gERbj/Rn8hdChgBFDGL7h7BevTw+jGXxctXDqw6n0BR+\nyDJV98Vl44mkdrTnYvrIcFQTtNVMNkoS3ZbGq+tR/8ZZIwo28+qXnor1KTUBchJ/\nHC8+r9xE+SZy2fxxI9esbwVkSsN5TaxOFFzf4uYDy/dQExCULJbQSsyGyvxdz0b8\n74xrhCg7IBo=PKHG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "PACKETSTORM",
"id": "153157"
},
{
"db": "PACKETSTORM",
"id": "152702"
},
{
"db": "PACKETSTORM",
"id": "153212"
},
{
"db": "PACKETSTORM",
"id": "154457"
},
{
"db": "PACKETSTORM",
"id": "154068"
},
{
"db": "PACKETSTORM",
"id": "153087"
},
{
"db": "PACKETSTORM",
"id": "154282"
},
{
"db": "PACKETSTORM",
"id": "153065"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-7317",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "152561",
"trust": 1.1
},
{
"db": "BID",
"id": "108098",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2019-7317",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153157",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152702",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153212",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154457",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154068",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153087",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154282",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "153065",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "PACKETSTORM",
"id": "153157"
},
{
"db": "PACKETSTORM",
"id": "152702"
},
{
"db": "PACKETSTORM",
"id": "153212"
},
{
"db": "PACKETSTORM",
"id": "154457"
},
{
"db": "PACKETSTORM",
"id": "154068"
},
{
"db": "PACKETSTORM",
"id": "153087"
},
{
"db": "PACKETSTORM",
"id": "154282"
},
{
"db": "PACKETSTORM",
"id": "153065"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"id": "VAR-201902-0855",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.23809524
},
"last_update_date": "2024-11-29T21:03:54.864000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "hitachi-sec-2019-116 Software product security information",
"trust": 0.8,
"url": "https://github.com/glennrp/libpng/issues/275"
},
{
"title": "Debian CVElist Bug Report Logs: libpng1.6: CVE-2019-7317: use-after-free in png_image_free in png.c",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ef2bbc82329f4e3dd9e23c0137af2a7b"
},
{
"title": "Ubuntu Security Notice: libpng1.6 vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3962-1"
},
{
"title": "Debian Security Advisories: DSA-4435-1 libpng1.6 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=d60ba88361ab9afdcad18ca2a106ac3b"
},
{
"title": "Red Hat: Important: java-1.7.1-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192494 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.7.1-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192495 - Security Advisory"
},
{
"title": "Arch Linux Advisories: [ASA-201904-10] libpng: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201904-10"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192737 - Security Advisory"
},
{
"title": "Red Hat: CVE-2019-7317",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2019-7317"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192585 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192590 - Security Advisory"
},
{
"title": "Red Hat: Important: java-1.8.0-ibm security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20192592 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-7317"
},
{
"title": "Red Hat: Important: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191308 - Security Advisory"
},
{
"title": "Red Hat: Important: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191310 - Security Advisory"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191265 - Security Advisory"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191269 - Security Advisory"
},
{
"title": "Red Hat: Important: thunderbird security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191309 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: openjdk-lts vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4083-1"
},
{
"title": "Red Hat: Critical: firefox security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191267 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: openjdk-8 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4080-1"
},
{
"title": "Ubuntu Security Notice: thunderbird vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3997-1"
},
{
"title": "Debian Security Advisories: DSA-4451-1 thunderbird -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=1cf7f39c2c474666174a69cf97b06740"
},
{
"title": "Ubuntu Security Notice: firefox regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3991-3"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=61e62f4d9c861153c6391afc0ec560a4"
},
{
"title": "Debian Security Advisories: DSA-4448-1 firefox-esr -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e2d9ccf571c31c1011ad31af2798140f"
},
{
"title": "Ubuntu Security Notice: firefox regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3991-2"
},
{
"title": "Ubuntu Security Notice: firefox vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3991-1"
},
{
"title": "Arch Linux Advisories: [ASA-201905-8] thunderbird: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-8"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1246",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1246"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2019-14",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2019-14"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Mozilla Firefox vulnerability in IBM SONAS",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4a8e20a238934bc47ca332a3c76cc9c3"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Command Suite, Hitachi Automation Director, Hitachi Configuration Manager and Hitachi Infrastructure Analytics Advisor",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-117"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (January 2020v2)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=acad3ac1b2767940a01b72ed1b51586b"
},
{
"title": "Arch Linux Advisories: [ASA-201905-9] firefox: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201905-9"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Cosminexus",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-116"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1229",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2019-1229"
},
{
"title": "Mozilla: Security vulnerabilities fixed in Firefox ESR 60.7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=554d832b08166d6d04a53f3c421e7f9b"
},
{
"title": "IBM: IBM Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU \u2013 Jul 2019 \u2013 Includes Oracle Jul 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=de7b9859dff396513e72da22ffc4ab3e"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2019-15",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2019-15"
},
{
"title": "Mozilla: Security vulnerabilities fixed in Thunderbird 60.7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=198e3a670ab8c803584e801da3919e61"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=836b059f33e614408bd51705b325caaf"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=b352b6737bfbf2a62b0a2201928e8963"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=1ad5c6091de269fb79e0c4d1c06b0846"
},
{
"title": "Mozilla: Security vulnerabilities fixed in Firefox 67",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=730fce689efe63b7de803de0d8794796"
},
{
"title": "Mozilla: Mozilla Foundation Security Advisory 2019-13",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=2019-13"
},
{
"title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Release 1801-z",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4ef3e54cc5cdc194f0526779f9480f89"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.0
},
{
"problemtype": "Use of freed memory (CWE-416) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-7317"
},
{
"trust": 1.2,
"url": "https://usn.ubuntu.com/3962-1/"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:1267"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:1309"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/108098"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2495"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2585"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2019:2737"
},
{
"trust": 1.1,
"url": "https://github.com/glennrp/libpng/issues/275"
},
{
"trust": 1.1,
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12803"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/apr/30"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/152561/slackware-security-advisory-libpng-updates.html"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2019/dsa-4435"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/apr/36"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3991-1/"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/may/56"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/may/59"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2019/dsa-4448"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00032.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:1265"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:1269"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2019/dsa-4451"
},
{
"trust": 1.1,
"url": "https://seclists.org/bugtraq/2019/may/67"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00038.html"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3997-1/"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00002.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:1310"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:1308"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20190719-0005/"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4080-1/"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/4083-1/"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201908-02"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2494"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00044.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00038.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2590"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2019:2592"
},
{
"trust": 1.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbst03977en_us"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-7317"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9820"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11698"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18511"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11691"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9819"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9800"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9817"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9797"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5798"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11693"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11692"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9816"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-11775"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-2762"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-2769"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2769"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11775"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2816"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-2816"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2762"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9817"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11698"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9797"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11692"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11693"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9819"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-18511"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9820"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9800"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11691"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-5798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11772"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2786"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-11772"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-2786"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921355"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2019-15/"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3962-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libpng1.6/1.6.34-2ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/libpng1.6/1.6.34-1ubuntu0.18.04.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11697"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1830096"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3991-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.19.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.18.10.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11695"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3991-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/firefox/67.0.1+build1-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/thunderbird"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-9816"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2019-14/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "PACKETSTORM",
"id": "153157"
},
{
"db": "PACKETSTORM",
"id": "152702"
},
{
"db": "PACKETSTORM",
"id": "153212"
},
{
"db": "PACKETSTORM",
"id": "154457"
},
{
"db": "PACKETSTORM",
"id": "154068"
},
{
"db": "PACKETSTORM",
"id": "153087"
},
{
"db": "PACKETSTORM",
"id": "154282"
},
{
"db": "PACKETSTORM",
"id": "153065"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"db": "PACKETSTORM",
"id": "153157"
},
{
"db": "PACKETSTORM",
"id": "152702"
},
{
"db": "PACKETSTORM",
"id": "153212"
},
{
"db": "PACKETSTORM",
"id": "154457"
},
{
"db": "PACKETSTORM",
"id": "154068"
},
{
"db": "PACKETSTORM",
"id": "153087"
},
{
"db": "PACKETSTORM",
"id": "154282"
},
{
"db": "PACKETSTORM",
"id": "153065"
},
{
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-04T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"date": "2019-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"date": "2019-06-03T14:44:44",
"db": "PACKETSTORM",
"id": "153157"
},
{
"date": "2019-05-01T16:22:22",
"db": "PACKETSTORM",
"id": "152702"
},
{
"date": "2019-06-06T17:02:22",
"db": "PACKETSTORM",
"id": "153212"
},
{
"date": "2019-09-11T19:58:39",
"db": "PACKETSTORM",
"id": "154457"
},
{
"date": "2019-08-15T20:14:24",
"db": "PACKETSTORM",
"id": "154068"
},
{
"date": "2019-05-24T23:22:22",
"db": "PACKETSTORM",
"id": "153087"
},
{
"date": "2019-09-02T17:37:20",
"db": "PACKETSTORM",
"id": "154282"
},
{
"date": "2019-05-23T16:55:38",
"db": "PACKETSTORM",
"id": "153065"
},
{
"date": "2019-02-04T08:29:00.447000",
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-23T00:00:00",
"db": "VULMON",
"id": "CVE-2019-7317"
},
{
"date": "2022-07-05T03:02:00",
"db": "JVNDB",
"id": "JVNDB-2019-001545"
},
{
"date": "2024-11-21T04:48:00.033000",
"db": "NVD",
"id": "CVE-2019-7317"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "152702"
}
],
"trust": 0.1
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libpng\u00a0 Vulnerability in using free memory in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001545"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow",
"sources": [
{
"db": "PACKETSTORM",
"id": "153157"
},
{
"db": "PACKETSTORM",
"id": "153065"
}
],
"trust": 0.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…