9.8

CVE-2019-11068

EPSS 1.01%
Published 10.04.2019 20:29:01
Last modified 21.11.2024 04:20:28
Source cve@mitre.org
Teams watchlist Login
Open Login

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.

Affected products Warnungen 0 Metrics 3 CWE 0 References 19

Data is provided by the National Vulnerability Database (NVD)

Xmlsoft ≫ Libxslt Version <= 1.1.33

Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.10

Debian ≫ Debian Linux Version8.0

Fedoraproject ≫ Fedora Version29

Fedoraproject ≫ Fedora Version30

Oracle ≫ Jdk Version8.0 Updateupdate_221

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows

Netapp ≫ Cloud Backup Version-

Netapp ≫ E-series Santricity Management Plug-ins Version- SwPlatformvmware_vcenter

Netapp ≫ E-series Santricity Os Controller Version >= 11.0 <= 11.70.2

Netapp ≫ E-series Santricity Storage Manager Version-

Netapp ≫ E-series Santricity Unified Manager Version-

Netapp ≫ E-series Santricity Web Services Proxy Version-

Netapp ≫ Element Software Version-

Netapp ≫ Hci Management Node Version-

Netapp ≫ Oncommand Insight Version-

Netapp ≫ Oncommand Workflow Automation Version-

Netapp ≫ Plug-in For Symantec Netbackup Version-

Netapp ≫ Santricity Unified Manager Version-

Netapp ≫ Snapmanager Version- SwPlatformsap

Netapp ≫ Snapmanager Version- Update- SwPlatformoracle

Netapp ≫ Solidfire Version-

Netapp ≫ Steelstore Cloud Integrated Storage Version-

Opensuse ≫ Leap Version15.0

Opensuse ≫ Leap Version15.1

Opensuse ≫ Leap Version42.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.01%	0.764

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Patch

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00048.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00053.html

Third Party Advisory

http://www.openwall.com/lists/oss-security/2019/04/22/1

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2019/04/23/5

Third Party Advisory

Mailing List

https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6

Patch

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2019/04/msg00016.html

Third Party Advisory

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCOAX2IHUMKCM3ILHTMGLHCDSBTLP2JU/

https://security.netapp.com/advisory/ntap-20191017-0001/

Third Party Advisory

https://usn.ubuntu.com/3947-1/

Third Party Advisory

https://usn.ubuntu.com/3947-2/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-11068

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11068

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11068

EUVD