what you don't know can hurt you
Showing 1 - 18 of 18 RSS Feed

CVE-2019-11719

Status Candidate

Overview

When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Related Files

Red Hat Security Advisory 2021-1079-01
Posted Apr 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1079-01 - Red Hat Ansible Automation Platform Resource Operator container images with security fixes. Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Data exposure issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-12652, CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12749, CVE-2019-14866, CVE-2019-14973, CVE-2019-15903, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-17546, CVE-2019-19956, CVE-2019-20388, CVE-2019-20907, CVE-2019-5094, CVE-2019-5188, CVE-2020-12243, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-14422, CVE-2020-15999, CVE-2020-1971, CVE-2020-5313
MD5 | 6b25e7f5601acf3c1a2f2dbe746ecedc
Red Hat Security Advisory 2021-1129-01
Posted Apr 8, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1129-01 - Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with container images for Red Hat 3scale API Management 2.10.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12749, CVE-2019-14866, CVE-2019-15903, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-19126, CVE-2019-19532, CVE-2019-19956, CVE-2019-20388, CVE-2019-20907, CVE-2019-5094, CVE-2019-5188, CVE-2020-0427, CVE-2020-12243, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-12723, CVE-2020-14040, CVE-2020-14351, CVE-2020-1971
MD5 | 0aac387101bdf7b27b57090a9070a68c
Red Hat Security Advisory 2021-0949-01
Posted Mar 22, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0949-01 - Red Hat OpenShift Do is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks. Red Hat OpenShift Do openshift/odo-init-image 1.1.3 is a container image that is used as part of the InitContainer setup that provisions odo components.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12749, CVE-2019-14866, CVE-2019-15903, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-19956, CVE-2019-20388, CVE-2019-20907, CVE-2019-5094, CVE-2019-5188, CVE-2020-12243, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-1971, CVE-2020-6829, CVE-2020-7595, CVE-2020-8177
MD5 | 5d9bb5ed3d28f53dd20a3130fa28953c
Red Hat Security Advisory 2021-0778-01
Posted Mar 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0778-01 - Red Hat Ansible Tower 3.6.7-1 has a security and bug fix update. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and privilege escalation vulnerabilities.

tags | advisory, web, vulnerability, code execution, xss
systems | linux, redhat
advisories | CVE-2016-5766, CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12749, CVE-2019-14866, CVE-2019-15903, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-19956, CVE-2019-20372, CVE-2019-20388, CVE-2019-20907, CVE-2020-10543, CVE-2020-10878, CVE-2020-11022, CVE-2020-11023, CVE-2020-12243, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-12723, CVE-2020-1971
MD5 | 198f85a6d096aab12ca29885a346b930
Red Hat Security Advisory 2020-4264-01
Posted Oct 21, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4264-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-12652, CVE-2017-18190, CVE-2018-20843, CVE-2019-11068, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12450, CVE-2019-12749, CVE-2019-14822, CVE-2019-14866, CVE-2019-14973, CVE-2019-15903, CVE-2019-16935, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-17546, CVE-2019-18197, CVE-2019-19126, CVE-2019-19956, CVE-2019-20386, CVE-2019-20388, CVE-2019-2974, CVE-2019-5094, CVE-2019-5188, CVE-2019-5482
MD5 | 71ada3b5556f039a7b36202dee923f3d
Red Hat Security Advisory 2020-4255-01
Posted Oct 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4255-01 - Updated python-psutil version to 5.6.6 inside ansible-runner container. Issues addressed include a double free vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2017-12652, CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12450, CVE-2019-12749, CVE-2019-14822, CVE-2019-14866, CVE-2019-14973, CVE-2019-15903, CVE-2019-16935, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-17546, CVE-2019-18874, CVE-2019-19126, CVE-2019-19956, CVE-2019-20386, CVE-2019-20388, CVE-2019-5094, CVE-2019-5188, CVE-2019-5482, CVE-2020-12243, CVE-2020-12400, CVE-2020-1240
MD5 | 58f59d6ce0b4b1154f03aa325ad90c26
Red Hat Security Advisory 2020-4254-01
Posted Oct 14, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4254-01 - Updated python-psutil version to 5.6.6 inside ansible-runner container. Issues addressed include a double free vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2017-12652, CVE-2018-20843, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-12450, CVE-2019-12749, CVE-2019-14822, CVE-2019-14866, CVE-2019-14973, CVE-2019-15903, CVE-2019-16935, CVE-2019-17006, CVE-2019-17023, CVE-2019-17498, CVE-2019-17546, CVE-2019-18874, CVE-2019-19126, CVE-2019-19956, CVE-2019-20386, CVE-2019-20388, CVE-2019-5094, CVE-2019-5188, CVE-2019-5482, CVE-2020-12243, CVE-2020-12400, CVE-2020-1240
MD5 | 4d31403d6728670d6c8a9619f88b115f
Red Hat Security Advisory 2020-4076-01
Posted Sep 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4076-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. Issues addressed include bypass, memory leak, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-17006, CVE-2019-17023, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-6829
MD5 | a70ff27bdd6a00b5fbf6c908f7422473
Gentoo Linux Security Advisory 201908-20
Posted Aug 16, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201908-20 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 60.8.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-11703, CVE-2019-11704, CVE-2019-11705, CVE-2019-11706, CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719, CVE-2019-11729, CVE-2019-11730, CVE-2019-9811
MD5 | f2d6582865a54e12716f61531fd66938
Gentoo Linux Security Advisory 201908-12
Posted Aug 15, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201908-12 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 60.8.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-11707, CVE-2019-11708, CVE-2019-11709, CVE-2019-11710, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11714, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717, CVE-2019-11718, CVE-2019-11719, CVE-2019-11720, CVE-2019-11721, CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727, CVE-2019-11728, CVE-2019-11729, CVE-2019-11730, CVE-2019-9811
MD5 | a8e68267ac356665d3881a395692ae9a
Red Hat Security Advisory 2019-1951-01
Posted Jul 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1951-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. Issues addressed include denial of service and null pointer vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-18508, CVE-2019-11719, CVE-2019-11727, CVE-2019-11729
MD5 | 149884dabe46ee0cc754a9468c4d2846
Ubuntu Security Notice USN-4054-2
Posted Jul 26, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4054-2 - USN-4054-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. It was discovered that Firefox treats all files in a directory as same origin. If a user were tricked in to downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, spoof, vulnerability, xss, csrf
systems | linux, ubuntu
advisories | CVE-2019-11711, CVE-2019-11715, CVE-2019-11719, CVE-2019-11724, CVE-2019-11729, CVE-2019-11730, CVE-2019-9811
MD5 | e9c0ca3d330f36b3511d7b7429ddec69
Ubuntu Security Notice USN-4064-1
Posted Jul 18, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4064-1 - A sandbox escape was discovered in Thunderbird. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same origin restrictions, conduct cross-site scripting attacks, spoof origin attributes, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, xss
systems | linux, ubuntu
advisories | CVE-2019-11709, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719, CVE-2019-11729, CVE-2019-11730, CVE-2019-9811
MD5 | f7be91863a97abc792600ed7d274b78d
Ubuntu Security Notice USN-4060-2
Posted Jul 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4060-2 - USN-4060-1 fixed several vulnerabilities in nss. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-11719, CVE-2019-11729
MD5 | f36f42a446af8c0537c1e6f353b38dc2
Ubuntu Security Notice USN-4060-1
Posted Jul 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4060-1 - Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. Hubert Kario discovered that NSS incorrectly handled PKCS#1 v1.5 signatures when using TLSv1.3. An attacker could possibly use this issue to trick NSS into using PKCS#1 v1.5 signatures, contrary to expectations. This issue only applied to Ubuntu 19.04. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2019-11719, CVE-2019-11727, CVE-2019-11729
MD5 | acf4fb5b8ce93a4b59ab3ef1e3ef1c1b
Ubuntu Security Notice USN-4054-1
Posted Jul 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4054-1 - A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, xss, csrf
systems | linux, ubuntu
advisories | CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717, CVE-2019-11719, CVE-2019-11720, CVE-2019-11721, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727, CVE-2019-11729, CVE-2019-11730, CVE-2019-9811
MD5 | 8ea6959ed7ac020d5ddd786544d68258
Debian Security Advisory 4479-1
Posted Jul 12, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4479-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.

tags | advisory, web, denial of service, arbitrary, spoof, xss, info disclosure, csrf
systems | linux, debian
advisories | CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719, CVE-2019-11729, CVE-2019-11730, CVE-2019-9811
MD5 | 1e90e6a1c90fc8275f2fadb11f5d1fc8
Slackware Security Advisory - mozilla-firefox Updates
Posted Jul 11, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11719, CVE-2019-11729, CVE-2019-11730, CVE-2019-9811
MD5 | 2d043b5f1b5a213fbd8feec43d400beb
Page 1 of 1
Back1Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    9 Files
  • 17
    Jun 17th
    33 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close