Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME9C1A49043693794000D0923340F217402D1FA6EE6CB02F1F2FBFA857D52D321
HistoryMar 07, 2019 - 8:10 p.m.

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Monitoring

2019-03-0720:10:01
www.ibm.com
25

0.043 Low

EPSS

Percentile

92.4%

JSON

Summary

Security Vulnerabilities affect IBM Cloud Private Monitoring

Vulnerability Details

CVEID: CVE-2018-14618 DESCRIPTION: cURL libcurl is vulnerable to a buffer overflow, caused by an integer overflow flaw in the Curl_ntlm_core_mk_nt_hash internal function in the NTLM authentication code. By sending an overly long password, a remote attacker could overflow a buffer and execute arbitrary code and cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149359&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-12384 DESCRIPTION: Mozilla Network Security Services (NSS), as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive information, caused by the improper handling of an SSLv2-compatible ClientHello message. By conducting a passive replay attack, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150436&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2018-10904 DESCRIPTION: glusterfs could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper validation of file paths in the trusted.io-stats-dump extended attribute. By sending a specially-crafted request, an attacker could exploit this vulnerability to create files and execute arbitrary code on the system.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149295&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Cloud Private 3.1.1

Remediation/Fixes

IBM Cloud Private 3.1.1 patch - Available in Fix Central

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud privateeq3.1.1

Related

ibm 16
veracode 4
prion 3
debiancve 3
cve 3
osv 5
redhatcve 3
ubuntucve 3
cvelist 3
nessus 60
cloudfoundry 1
openvas 43
suse 4
debian 2
nvd 3
centos 3
fedora 16
ubuntu 4
redhat 3
slackware 1
altlinux 1
alpinelinux 2
mageia 2
oraclelinux 2
amazon 4
f5 1
hackerone 1
freebsd 1
ics 1
gentoo 1
ibm
ibm
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Storage - GlusterFS and Minio
2019-03-12 14:40:01
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Logging
2019-03-07 20:10:01
Security Bulletin: A Security Vulnerability affects IBM Cloud Private Service Catalog
2019-03-11 13:35:01
veracode
veracode
Arbitrary Code Execution
2018-09-06 08:27:32
Arbitrary Code Execution
2019-01-15 09:24:19
Denial Of Service (DoS) Through Integer Overflow
2018-09-06 01:26:18
prion
prion
Code injection
2018-09-04 13:29:00
Design/Logic Flaw
2019-04-29 15:29:00
Integer overflow
2018-09-05 19:29:00
debiancve
debiancve
CVE-2018-10904
2018-09-04 13:29:09
CVE-2018-12384
2019-04-29 15:29:00
CVE-2018-14618
2018-09-05 19:29:00
cve
cve
CVE-2018-10904
2018-09-04 13:29:09
CVE-2018-12384
2019-04-29 15:29:00
CVE-2018-14618
2018-09-05 19:29:00
osv
osv
CVE-2018-10904
2018-09-04 13:29:09
curl - security update
2018-09-05 00:00:00
curl - security update
2018-09-08 00:00:00
redhatcve
redhatcve
CVE-2018-10904
2018-09-04 05:51:19
CVE-2018-12384
2019-10-09 22:23:49
CVE-2018-14618
2018-09-05 09:19:06
ubuntucve
ubuntucve
CVE-2018-10904
2018-09-04 00:00:00
CVE-2018-12384
2018-09-04 00:00:00
CVE-2018-14618
2018-09-05 00:00:00
cvelist
cvelist
CVE-2018-10904
2018-09-04 13:00:00
CVE-2018-12384
2019-04-29 14:22:53
CVE-2018-14618
2018-09-05 19:00:00
nessus
nessus
Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2018-249-01)
2018-09-06 00:00:00
openSUSE Security Update : curl (openSUSE-2018-1008)
2018-09-17 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : curl vulnerability (USN-3765-1)
2021-11-02 00:00:00
cloudfoundry
cloudfoundry
USN-3765-1: curl vulnerability | Cloud Foundry
2018-09-27 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3765-1)
2018-10-26 00:00:00
Ubuntu: Security Advisory (USN-3765-2)
2022-08-26 00:00:00
Debian: Security Advisory (DLA-1498-1)
2018-09-09 00:00:00
suse
suse
Security update for curl (moderate)
2018-09-15 15:15:01
Security update for curl (moderate)
2018-09-15 15:12:20
Security update for mozilla-nss (moderate)
2018-12-13 12:16:00
debian
debian
[SECURITY] [DSA 4286-1] curl security update
2018-09-05 20:13:59
[SECURITY] [DLA 1498-1] curl security update
2018-09-08 11:54:38
nvd
nvd
CVE-2018-10904
2018-09-04 13:29:09
CVE-2018-12384
2019-04-29 15:29:00
CVE-2018-14618
2018-09-05 19:29:00
centos
centos
curl, libcurl security update
2019-07-31 13:37:28
nss security update
2018-10-09 20:22:27
nss security update
2018-09-28 16:44:15
fedora
fedora
[SECURITY] Fedora 29 Update: curl-7.61.1-1.fc29
2018-09-21 05:43:07
[SECURITY] Fedora 27 Update: nss-softokn-3.39.0-1.0.fc27
2018-09-18 07:52:53
[SECURITY] Fedora 29 Update: nss-util-3.39.0-2.fc29
2018-09-21 05:42:27
ubuntu
ubuntu
curl vulnerability
2018-09-17 00:00:00
curl vulnerability
2018-09-17 00:00:00
NSS vulnerabilities
2019-02-18 00:00:00
redhat
redhat
(RHSA-2019:1880) Low: curl security and bug fix update
2019-07-29 12:48:20
(RHSA-2018:2768) Moderate: nss security update
2018-09-25 17:31:15
(RHSA-2018:2898) Moderate: nss security update
2018-10-09 14:49:24
slackware
slackware
[slackware-security] curl
2018-09-06 07:45:09
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.61.1-alt1
2018-09-09 00:00:00
alpinelinux
alpinelinux
CVE-2018-12384
2019-04-29 15:29:00
CVE-2018-14618
2018-09-05 19:29:00
mageia
mageia
Updated firefox packages fix security vulnerability
2018-10-01 11:44:39
Updated curl packages fix security vulnerabilities
2018-10-30 21:01:43
oraclelinux
oraclelinux
nss security update
2018-10-09 00:00:00
nss security update
2018-09-25 00:00:00
amazon
amazon
Medium: nss
2018-10-23 18:41:00
Medium: nss
2018-10-24 16:35:00
Low: curl
2018-12-18 19:09:00
f5
f5
K41738501 : Mozilla NSS vulnerability CVE-2018-12384
2018-10-26 00:00:00
hackerone
hackerone
curl: An integer overflow found in /lib/urlapi.c
2019-04-24 12:05:35
freebsd
freebsd
curl -- password overflow vulnerability
2018-09-05 00:00:00
ics
ics
Siemens SINEMA Remote Connect (Update A)
2021-03-09 12:00:00
gentoo
gentoo
cURL: Multiple vulnerabilities
2019-03-10 00:00:00

0.043 Low

EPSS

Percentile

92.4%

JSON
Related for E9C1A49043693794000D0923340F217402D1FA6EE6CB02F1F2FBFA857D52D321
ibm16veracode4prion3debiancve3cve3osv5redhatcve3ubuntucve3cvelist3nessus60cloudfoundry1openvas43suse4debian2nvd3centos3fedora16ubuntu4redhat3slackware1altlinux1alpinelinux2mageia2oraclelinux2amazon4f51hackerone1freebsd1ics1gentoo1