var-201908-0261
Vulnerability from variot
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. Description:
Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are located in the download section of the customer portal.
The References section of this erratum contains a download link (you must log in to download the update). The purpose of this text-only errata is to inform you about the security issues fixed in this release.
The fixes are too intrusive to backport to the version in the oldstable distribution (stretch). An upgrade to Debian stable (buster) is recommended instead.
For the stable distribution (buster), these problems have been fixed in version 8.0.2+ds-1+deb10u1.
We recommend that you upgrade your trafficserver packages.
For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl12uUMACgkQEMKTtsN8 TjbP/Q//UvaJG0Gts7+yZcOmkiaVinEtOzN445QNHGGQMKPfR4/hCuY6TrO0aWUM msNVTMwiEgLtXBqjNC2mT7f1UzQjZ76wb7wXAayaTsUsidMqsL9ZkVpzGSLrMBur wrhUpJRbDp/29qBdETP5bpjAp/Q7HMN1d9WbJa1ao2UpG1J2zpB8jQP0UjfVuM8W JwDlgj+Oj7M4CuQgN1A4vtK62f5k8X+d4bZZZSNUqkHKJuNFB1STDrDuZ+5aCPGo h0PYB/NX21T3W6AfGHIRwJda4IsSqRI/UnNIQygRs2QRiSzkGInCmb5KjsXKAiqF SnYLqKlxAcQ/8+zsEUqQKziBrZX6QsIiKFDYRV29KoK3AwDm7s5Q4KHzXGtNX5Mp a0GzAccDa1GpTxzSI8u5Jo60Ygf2ETkpwiyWSUivcFnzASyDCAwNLAwPAWpfARhO 2rE+LIi42dGnGfa2plKt7jvQDBj2hBvRHd8nMT8ugoJCTQCNnHC9X5/RNWPqIZmR XVHQSRTR8BCCnTdRuvXJB3oQyRQZORMqrsYoARm50+J/v2wJ/Q8Wo4kwWXpflDoH SAO10qjWU9Ja5giiQJh9ToJKPfx6sAma77XoaBz0HteCs3uCvyJK5cpmmoMcImyh 3po/YTjSdJRYZI9YjLWT1ZDP6TeueBkIqf07uuT9Kk92VWuyfhs=UFIM -----END PGP SIGNATURE----- . Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-nodejs10-nodejs security update Advisory ID: RHSA-2019:2939-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2939 Issue date: 2019-09-30 CVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 =====================================================================
- Summary:
An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.16.3).
Security Fix(es):
-
HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
-
HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
-
HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
-
HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)
-
HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
-
HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm
aarch64: rh-nodejs10-3.2-3.el7.aarch64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.aarch64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.aarch64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.aarch64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.aarch64.rpm rh-nodejs10-runtime-3.2-3.el7.aarch64.rpm rh-nodejs10-scldevel-3.2-3.el7.aarch64.rpm
noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm
ppc64le: rh-nodejs10-3.2-3.el7.ppc64le.rpm rh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm rh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm rh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm
s390x: rh-nodejs10-3.2-3.el7.s390x.rpm rh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm rh-nodejs10-runtime-3.2-3.el7.s390x.rpm rh-nodejs10-scldevel-3.2-3.el7.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm
aarch64: rh-nodejs10-3.2-3.el7.aarch64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.aarch64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.aarch64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.aarch64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.aarch64.rpm rh-nodejs10-runtime-3.2-3.el7.aarch64.rpm rh-nodejs10-scldevel-3.2-3.el7.aarch64.rpm
noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm
ppc64le: rh-nodejs10-3.2-3.el7.ppc64le.rpm rh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm rh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm rh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm
s390x: rh-nodejs10-3.2-3.el7.s390x.rpm rh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm rh-nodejs10-runtime-3.2-3.el7.s390x.rpm rh-nodejs10-scldevel-3.2-3.el7.s390x.rpm
x86_64: rh-nodejs10-3.2-3.el7.x86_64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm rh-nodejs10-runtime-3.2-3.el7.x86_64.rpm rh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm
noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm
ppc64le: rh-nodejs10-3.2-3.el7.ppc64le.rpm rh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm rh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm rh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm
s390x: rh-nodejs10-3.2-3.el7.s390x.rpm rh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm rh-nodejs10-runtime-3.2-3.el7.s390x.rpm rh-nodejs10-scldevel-3.2-3.el7.s390x.rpm
x86_64: rh-nodejs10-3.2-3.el7.x86_64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm rh-nodejs10-runtime-3.2-3.el7.x86_64.rpm rh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm
noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm
ppc64le: rh-nodejs10-3.2-3.el7.ppc64le.rpm rh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm rh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm rh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm
s390x: rh-nodejs10-3.2-3.el7.s390x.rpm rh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm rh-nodejs10-runtime-3.2-3.el7.s390x.rpm rh-nodejs10-scldevel-3.2-3.el7.s390x.rpm
x86_64: rh-nodejs10-3.2-3.el7.x86_64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm rh-nodejs10-runtime-3.2-3.el7.x86_64.rpm rh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm
noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm
ppc64le: rh-nodejs10-3.2-3.el7.ppc64le.rpm rh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm rh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm rh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm
s390x: rh-nodejs10-3.2-3.el7.s390x.rpm rh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm rh-nodejs10-runtime-3.2-3.el7.s390x.rpm rh-nodejs10-scldevel-3.2-3.el7.s390x.rpm
x86_64: rh-nodejs10-3.2-3.el7.x86_64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm rh-nodejs10-runtime-3.2-3.el7.x86_64.rpm rh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm
noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm
x86_64: rh-nodejs10-3.2-3.el7.x86_64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm rh-nodejs10-runtime-3.2-3.el7.x86_64.rpm rh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/cve/CVE-2019-9517 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXZKSV9zjgjWX9erEAQjWxw//TqsnsdfKIaX7qXrxNwXVylKrY8SrbeXt x6Qvt8AOqLn+F+JmManmBtNm9jcpuhGiKmnukzZUpWNhjJiofb2kocQHvvIJ9067 /sTyDXnFmoPYwWVjBhgw24wr/7IZc8qRFTL+Tsz2XVi/kwT2IKrq5erOb9CKVFG1 YYZ0hJKVpcrVoMTgbwp26epTsl2/CcENdNcaL8A31Hn4hBVUYU5FAx9ZTrSnOwV9 QKJ04S0BN5ChgQSXmGYGL02U5GZtA9GWPdDGH0JDckX1t4zwya8Q467xKfbmhp+n AFwBxnP5f/j7VCjwr+vM/XU4BBiK6S82LhGUQgv+uCCaLAFFA2NxRMaa25te7i/u Gu3f5O6OIfkmrPAhHsMfjqXKWJRigc8o26LAT9uGJ9j1FI5xAEa927/xQm08dopo Jvcp8hsf8bi0VM36QSJVarv9aXxJVLpQWBroCV6/Ed+Sxb+Tru/h0G1o8Cwsv6L5 OzMkws/4bxutdFf97MpF1XMxmVrTUE2Wg1lkDOAw0VSikCxgvIhS4heAtIT+nJcR DY+uqboU4KSHFRkol1tIAqlZchD7b+liLbok2Z75NSX4Jg/M3cXfRvw8DKyB8dNc vDET3a6LRCpyR+okLS2hLfb7jTEvi8rOq8Ywsc7caj4hgKsWkRXgo1udbecn0Vrf NSxxFO6EuZE= =bNnl -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64
3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0261",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "6.2.3"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.2.0"
},
{
"model": "quay",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.8.1"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.3.0"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.8.1"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "29"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.3"
},
{
"model": "software collections",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.16.3"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"model": "vs960hd",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.1.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.13"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.16.1"
},
{
"model": "swiftnio",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "1.4.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"model": "skynas",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": null
},
{
"model": "openshift service mesh",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2.0"
},
{
"model": "web gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.8.2.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "traffic server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "7.1.6"
},
{
"model": "traffic server",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.1"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.0"
},
{
"model": "swiftnio",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "1.0.0"
},
{
"model": "jboss core services",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "1.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.9.0"
},
{
"model": "web gateway",
"scope": "lt",
"trust": 1.0,
"vendor": "mcafee",
"version": "7.7.2.24"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "akamai",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amazon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache traffic server",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cloudflare",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "envoy",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "facebook",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "go programming language",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "litespeed",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netty",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "twisted",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "grpc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nghttp2",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nginx",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "NVD",
"id": "CVE-2019-9518"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154693"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-940"
}
],
"trust": 1.4
},
"cve": "CVE-2019-9518",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-9518",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-160953",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9518",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cret@cert.org",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-9518",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-9518",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cret@cert.org",
"id": "CVE-2019-9518",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-940",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-160953",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160953"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-940"
},
{
"db": "NVD",
"id": "CVE-2019-9518"
},
{
"db": "NVD",
"id": "CVE-2019-9518"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. Description:\n\nRed Hat Fuse provides a small-footprint, flexible, open source enterprise\nservice bus and integration platform. Red Hat A-MQ is a standards compliant\nmessaging system that is tailored for use in mission critical applications. It\nincludes bug fixes, which are documented in the patch notes accompanying\nthe package on the download page. See the download link given in the\nreferences section below. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are located in the download section of the\ncustomer portal. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nThe fixes are too intrusive to backport to the version in the oldstable\ndistribution (stretch). An upgrade to Debian stable (buster) is\nrecommended instead. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 8.0.2+ds-1+deb10u1. \n\nWe recommend that you upgrade your trafficserver packages. \n\nFor the detailed security status of trafficserver please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/trafficserver\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl12uUMACgkQEMKTtsN8\nTjbP/Q//UvaJG0Gts7+yZcOmkiaVinEtOzN445QNHGGQMKPfR4/hCuY6TrO0aWUM\nmsNVTMwiEgLtXBqjNC2mT7f1UzQjZ76wb7wXAayaTsUsidMqsL9ZkVpzGSLrMBur\nwrhUpJRbDp/29qBdETP5bpjAp/Q7HMN1d9WbJa1ao2UpG1J2zpB8jQP0UjfVuM8W\nJwDlgj+Oj7M4CuQgN1A4vtK62f5k8X+d4bZZZSNUqkHKJuNFB1STDrDuZ+5aCPGo\nh0PYB/NX21T3W6AfGHIRwJda4IsSqRI/UnNIQygRs2QRiSzkGInCmb5KjsXKAiqF\nSnYLqKlxAcQ/8+zsEUqQKziBrZX6QsIiKFDYRV29KoK3AwDm7s5Q4KHzXGtNX5Mp\na0GzAccDa1GpTxzSI8u5Jo60Ygf2ETkpwiyWSUivcFnzASyDCAwNLAwPAWpfARhO\n2rE+LIi42dGnGfa2plKt7jvQDBj2hBvRHd8nMT8ugoJCTQCNnHC9X5/RNWPqIZmR\nXVHQSRTR8BCCnTdRuvXJB3oQyRQZORMqrsYoARm50+J/v2wJ/Q8Wo4kwWXpflDoH\nSAO10qjWU9Ja5giiQJh9ToJKPfx6sAma77XoaBz0HteCs3uCvyJK5cpmmoMcImyh\n3po/YTjSdJRYZI9YjLWT1ZDP6TeueBkIqf07uuT9Kk92VWuyfhs=UFIM\n-----END PGP SIGNATURE-----\n. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-nodejs10-nodejs security update\nAdvisory ID: RHSA-2019:2939-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2939\nIssue date: 2019-09-30\nCVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 \n CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 \n CVE-2019-9517 CVE-2019-9518 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nodejs10-nodejs is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs10-nodejs (10.16.3). \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\naarch64:\nrh-nodejs10-3.2-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.aarch64.rpm\nrh-nodejs10-runtime-3.2-3.el7.aarch64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.aarch64.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nppc64le:\nrh-nodejs10-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm\nrh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs10-3.2-3.el7.s390x.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm\nrh-nodejs10-runtime-3.2-3.el7.s390x.rpm\nrh-nodejs10-scldevel-3.2-3.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\naarch64:\nrh-nodejs10-3.2-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.aarch64.rpm\nrh-nodejs10-runtime-3.2-3.el7.aarch64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.aarch64.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nppc64le:\nrh-nodejs10-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm\nrh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs10-3.2-3.el7.s390x.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm\nrh-nodejs10-runtime-3.2-3.el7.s390x.rpm\nrh-nodejs10-scldevel-3.2-3.el7.s390x.rpm\n\nx86_64:\nrh-nodejs10-3.2-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm\nrh-nodejs10-runtime-3.2-3.el7.x86_64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nppc64le:\nrh-nodejs10-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm\nrh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs10-3.2-3.el7.s390x.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm\nrh-nodejs10-runtime-3.2-3.el7.s390x.rpm\nrh-nodejs10-scldevel-3.2-3.el7.s390x.rpm\n\nx86_64:\nrh-nodejs10-3.2-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm\nrh-nodejs10-runtime-3.2-3.el7.x86_64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nppc64le:\nrh-nodejs10-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm\nrh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs10-3.2-3.el7.s390x.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm\nrh-nodejs10-runtime-3.2-3.el7.s390x.rpm\nrh-nodejs10-scldevel-3.2-3.el7.s390x.rpm\n\nx86_64:\nrh-nodejs10-3.2-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm\nrh-nodejs10-runtime-3.2-3.el7.x86_64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nppc64le:\nrh-nodejs10-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm\nrh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs10-3.2-3.el7.s390x.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm\nrh-nodejs10-runtime-3.2-3.el7.s390x.rpm\nrh-nodejs10-scldevel-3.2-3.el7.s390x.rpm\n\nx86_64:\nrh-nodejs10-3.2-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm\nrh-nodejs10-runtime-3.2-3.el7.x86_64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nx86_64:\nrh-nodejs10-3.2-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm\nrh-nodejs10-runtime-3.2-3.el7.x86_64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9512\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9514\nhttps://access.redhat.com/security/cve/CVE-2019-9515\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/cve/CVE-2019-9517\nhttps://access.redhat.com/security/cve/CVE-2019-9518\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXZKSV9zjgjWX9erEAQjWxw//TqsnsdfKIaX7qXrxNwXVylKrY8SrbeXt\nx6Qvt8AOqLn+F+JmManmBtNm9jcpuhGiKmnukzZUpWNhjJiofb2kocQHvvIJ9067\n/sTyDXnFmoPYwWVjBhgw24wr/7IZc8qRFTL+Tsz2XVi/kwT2IKrq5erOb9CKVFG1\nYYZ0hJKVpcrVoMTgbwp26epTsl2/CcENdNcaL8A31Hn4hBVUYU5FAx9ZTrSnOwV9\nQKJ04S0BN5ChgQSXmGYGL02U5GZtA9GWPdDGH0JDckX1t4zwya8Q467xKfbmhp+n\nAFwBxnP5f/j7VCjwr+vM/XU4BBiK6S82LhGUQgv+uCCaLAFFA2NxRMaa25te7i/u\nGu3f5O6OIfkmrPAhHsMfjqXKWJRigc8o26LAT9uGJ9j1FI5xAEa927/xQm08dopo\nJvcp8hsf8bi0VM36QSJVarv9aXxJVLpQWBroCV6/Ed+Sxb+Tru/h0G1o8Cwsv6L5\nOzMkws/4bxutdFf97MpF1XMxmVrTUE2Wg1lkDOAw0VSikCxgvIhS4heAtIT+nJcR\nDY+uqboU4KSHFRkol1tIAqlZchD7b+liLbok2Z75NSX4Jg/M3cXfRvw8DKyB8dNc\nvDET3a6LRCpyR+okLS2hLfb7jTEvi8rOq8Ywsc7caj4hgKsWkRXgo1udbecn0Vrf\nNSxxFO6EuZE=\n=bNnl\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-9518"
},
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160953"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "154430"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154693"
},
{
"db": "PACKETSTORM",
"id": "154663"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-9518",
"trust": 2.6
},
{
"db": "CERT/CC",
"id": "VU#605641",
"trust": 2.5
},
{
"db": "MCAFEE",
"id": "SB10296",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "158651",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-940",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155728",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155352",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157214",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "156852",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1335",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0832",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0100",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2619",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4596",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4238",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4343",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1427",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0643",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3597.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0007",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5666",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1030",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4586",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4332",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1076",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4737",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3325",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4645",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4788",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3412",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4665",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3114",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156941",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "156628",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "43922",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-346-01",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072128",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158650",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-160953",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154430",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154693",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "154663",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160953"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "154430"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154693"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-940"
},
{
"db": "NVD",
"id": "CVE-2019-9518"
}
]
},
"id": "VAR-201908-0261",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-160953"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:27:08.371000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HTTP/2 Remedial measures to achieve security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=96623"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-940"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.1
},
{
"problemtype": "CWE-770",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-160953"
},
{
"db": "NVD",
"id": "CVE-2019-9518"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md"
},
{
"trust": 2.5,
"url": "https://www.synology.com/security/advisory/synology_sa_19_33"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3892"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:4352"
},
{
"trust": 2.3,
"url": "https://www.debian.org/security/2019/dsa-4520"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2925"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:2939"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/aug/24"
},
{
"trust": 1.7,
"url": "https://seclists.org/bugtraq/2019/sep/18"
},
{
"trust": 1.7,
"url": "https://kb.cert.org/vuls/id/605641/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20190823-0005/"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/aug/16"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2955"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2020:0727"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html"
},
{
"trust": 1.6,
"url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html"
},
{
"trust": 1.6,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518"
},
{
"trust": 1.1,
"url": "https://support.f5.com/csp/article/k46011592"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k46011592?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107%40%3cdev.trafficserver.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61%40%3cusers.trafficserver.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc%40%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75%40%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d%40%3cannounce.trafficserver.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512"
},
{
"trust": 0.8,
"url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7540"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc7541"
},
{
"trust": 0.8,
"url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/"
},
{
"trust": 0.8,
"url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/"
},
{
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-9512"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-9514"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-9515"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-9518"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc@%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75@%3ccommits.cassandra.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3ccommits.druid.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d@%3cannounce.trafficserver.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107@%3cdev.trafficserver.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61@%3cusers.trafficserver.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k46011592?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "http2-cves/"
},
{
"trust": 0.6,
"url": "https://www.cloudfoundry.org/blog/various-"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512"
},
{
"trust": 0.6,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192260-1.html"
},
{
"trust": 0.6,
"url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-au/ht210436"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k50233772"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1126605"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1104951"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1109787"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1109781"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1108515"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1109775"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165894"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165906"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1135167"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164346"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1164364"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1128387"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4788/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4586/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4332/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0643/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143454"
},
{
"trust": 0.6,
"url": "http2-implementation-vulnerablility/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155728/red-hat-security-advisory-2019-4352-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2619/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3114/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3299/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5666"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1335/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4737/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0832/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1137466"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-9514-cve-2019-9512-cve-2019-9518-cve-2019-9515/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/43922"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1076/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3325/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127397"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1427/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4645/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4665/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager/"
},
{
"trust": 0.6,
"url": "https://pivotal.io/security/cve-2019-9517"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4596/"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht210436"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072128"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html"
},
{
"trust": 0.6,
"url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9518"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1150960"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4343/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0100/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1167160"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0007/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4238/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3412/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1165852"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1030/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1127853"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2019-16869"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20445"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-20444"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-7238"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11112"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9547"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11113"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10968"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17573"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9546"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14060"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-13990"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10672"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12406"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14061"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11619"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1718"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-9548"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-14062"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8840"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10969"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11620"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-20330"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-12423"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-11111"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10173"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10173"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0201"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0201"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10247"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10241"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k46011592?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3196"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.8/html/release_notes_for_red_hat_decision_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=securitypatches\u0026version=6.3"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12384"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker\u0026downloadtype=securitypatches\u0026version=6.3.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11796"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15095"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8034"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1000850"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.5.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12023"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17485"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8009"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8034"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11775"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11796"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1131"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-1131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0204"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12023"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-12022"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11775"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14860"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-17485"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2017-15095"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-8009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-11307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14860"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3197"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10086"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/trafficserver"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.4.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:1445"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.6.0\u0026productchanged=yes"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:0922"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160953"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "154430"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154693"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-940"
},
{
"db": "NVD",
"id": "CVE-2019-9518"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#605641"
},
{
"db": "VULHUB",
"id": "VHN-160953"
},
{
"db": "PACKETSTORM",
"id": "158650"
},
{
"db": "PACKETSTORM",
"id": "155728"
},
{
"db": "PACKETSTORM",
"id": "155352"
},
{
"db": "PACKETSTORM",
"id": "158651"
},
{
"db": "PACKETSTORM",
"id": "154430"
},
{
"db": "PACKETSTORM",
"id": "157214"
},
{
"db": "PACKETSTORM",
"id": "156852"
},
{
"db": "PACKETSTORM",
"id": "154693"
},
{
"db": "PACKETSTORM",
"id": "154663"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-940"
},
{
"db": "NVD",
"id": "CVE-2019-9518"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-13T00:00:00",
"db": "CERT/CC",
"id": "VU#605641"
},
{
"date": "2019-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-160953"
},
{
"date": "2020-07-29T17:52:58",
"db": "PACKETSTORM",
"id": "158650"
},
{
"date": "2019-12-19T22:07:40",
"db": "PACKETSTORM",
"id": "155728"
},
{
"date": "2019-11-15T16:16:10",
"db": "PACKETSTORM",
"id": "155352"
},
{
"date": "2020-07-29T17:53:05",
"db": "PACKETSTORM",
"id": "158651"
},
{
"date": "2019-09-10T23:12:17",
"db": "PACKETSTORM",
"id": "154430"
},
{
"date": "2020-04-14T15:39:41",
"db": "PACKETSTORM",
"id": "157214"
},
{
"date": "2020-03-23T15:57:42",
"db": "PACKETSTORM",
"id": "156852"
},
{
"date": "2019-09-30T22:22:22",
"db": "PACKETSTORM",
"id": "154693"
},
{
"date": "2019-09-30T13:33:33",
"db": "PACKETSTORM",
"id": "154663"
},
{
"date": "2019-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-940"
},
{
"date": "2019-08-13T21:15:13.003000",
"db": "NVD",
"id": "CVE-2019-9518"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-19T00:00:00",
"db": "CERT/CC",
"id": "VU#605641"
},
{
"date": "2020-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-160953"
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-940"
},
{
"date": "2024-11-21T04:51:47.587000",
"db": "NVD",
"id": "CVE-2019-9518"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-940"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion",
"sources": [
{
"db": "CERT/CC",
"id": "VU#605641"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-940"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.