Details of VAR-201912-1044

ID

VAR-201912-1044

CVE

CVE-2019-19956

TITLE

libxml2 Vulnerabilities in lack of freeing resources after a valid lifetime

Trust: 0.8

sources: JVNDB: JVNDB-2019-013540

DESCRIPTION

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. libxml2 Is vulnerable to a lack of resource release after a valid lifetime.Denial of service (DoS) It may be put into a state. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. Bug Fix(es): * Configuring the system with non-RT kernel will hang the system (BZ#1923220) 3. Bugs fixed (https://bugzilla.redhat.com/): 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 5. JIRA issues fixed (https://issues.jboss.org/): CNF-802 - Infrastructure-provided enablement/disablement of interrupt processing for guaranteed pod CPUs CNF-854 - Performance tests in CNF Tests 6. Bug Fix(es): * Aggregator pod tries to parse ConfigMaps without results (BZ#1899479) * The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251) * The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634) * [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414) * The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991) * Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" (BZ#1909081) * [OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122) 3. Bugs fixed (https://bugzilla.redhat.com/): 1899479 - Aggregator pod tries to parse ConfigMaps without results 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902251 - The compliancesuite object returns error with ocp4-cis tailored profile 1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object 1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object 1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator 1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" 1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup 5. Description: Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks. The advisory addresses the following issues: * Re-release of odo-init-image 1.1.3 for security updates 3. Solution: Download and install a new CLI binary by following the instructions linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 1832983 - Release of 1.1.3 odo-init-image 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: OpenShift Container Platform 4.7.0 extras and security update Advisory ID: RHSA-2020:5635-01 Product: Red Hat OpenShift Enterprise Advisory URL: https://access.redhat.com/errata/RHSA-2020:5635 Issue date: 2021-02-24 CVE Names: CVE-2018-20843 CVE-2019-3884 CVE-2019-5018 CVE-2019-8625 CVE-2019-8710 CVE-2019-8720 CVE-2019-8743 CVE-2019-8764 CVE-2019-8766 CVE-2019-8769 CVE-2019-8771 CVE-2019-8782 CVE-2019-8783 CVE-2019-8808 CVE-2019-8811 CVE-2019-8812 CVE-2019-8813 CVE-2019-8814 CVE-2019-8815 CVE-2019-8816 CVE-2019-8819 CVE-2019-8820 CVE-2019-8823 CVE-2019-8835 CVE-2019-8844 CVE-2019-8846 CVE-2019-13050 CVE-2019-13225 CVE-2019-13627 CVE-2019-14889 CVE-2019-15165 CVE-2019-15903 CVE-2019-16168 CVE-2019-16935 CVE-2019-17450 CVE-2019-17546 CVE-2019-19221 CVE-2019-19906 CVE-2019-19956 CVE-2019-20218 CVE-2019-20387 CVE-2019-20388 CVE-2019-20454 CVE-2019-20807 CVE-2019-20907 CVE-2019-20916 CVE-2020-1730 CVE-2020-1751 CVE-2020-1752 CVE-2020-1971 CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3898 CVE-2020-3899 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-6405 CVE-2020-7595 CVE-2020-8492 CVE-2020-8566 CVE-2020-8619 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-9327 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 CVE-2020-9862 CVE-2020-9893 CVE-2020-9894 CVE-2020-9895 CVE-2020-9915 CVE-2020-9925 CVE-2020-10018 CVE-2020-10029 CVE-2020-11793 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14040 CVE-2020-14382 CVE-2020-14391 CVE-2020-14422 CVE-2020-15157 CVE-2020-15503 CVE-2020-15999 CVE-2020-24659 CVE-2020-24750 CVE-2020-25211 CVE-2020-25658 CVE-2021-3121 ==================================================================== 1. Summary: Red Hat OpenShift Container Platform release 4.7.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): * jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750) * gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121) * golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.0. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHEA-2020:5633 All OpenShift Container Platform users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor. 3. Solution: For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html. 4. Bugs fixed (https://bugzilla.redhat.com/): 1823765 - nfd-workers crash under an ipv6 environment 1838802 - mysql8 connector from operatorhub does not work with metering operator 1838845 - Metering operator can't connect to postgres DB from Operator Hub 1841883 - namespace-persistentvolumeclaim-usage query returns unexpected values 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1868294 - NFD operator does not allow customisation of nfd-worker.conf 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1890672 - NFD is missing a build flag to build correctly 1890741 - path to the CA trust bundle ConfigMap is broken in report operator 1897346 - NFD worker pods not scheduler on a 3 node master/worker cluster 1898373 - Metering operator failing upgrade from 4.4 to 4.6 channel 1900125 - FIPS error while generating RSA private key for CA 1906129 - OCP 4.7: Node Feature Discovery (NFD) Operator in CrashLoopBackOff when deployed from OperatorHub 1908492 - OCP 4.7: Node Feature Discovery (NFD) Operator Custom Resource Definition file in olm-catalog is not in sync with the one in manifests dir leading to failed deployment from OperatorHub 1913837 - The CI and ART 4.7 metering images are not mirrored 1914869 - OCP 4.7 NFD - Operand configuration options for NodeFeatureDiscovery are empty, no supported image for ppc64le 1916010 - olm skip range is set to the wrong range 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923998 - NFD Operator is failing to update and remains in Replacing state 5. References: https://access.redhat.com/security/cve/CVE-2018-20843 https://access.redhat.com/security/cve/CVE-2019-3884 https://access.redhat.com/security/cve/CVE-2019-5018 https://access.redhat.com/security/cve/CVE-2019-8625 https://access.redhat.com/security/cve/CVE-2019-8710 https://access.redhat.com/security/cve/CVE-2019-8720 https://access.redhat.com/security/cve/CVE-2019-8743 https://access.redhat.com/security/cve/CVE-2019-8764 https://access.redhat.com/security/cve/CVE-2019-8766 https://access.redhat.com/security/cve/CVE-2019-8769 https://access.redhat.com/security/cve/CVE-2019-8771 https://access.redhat.com/security/cve/CVE-2019-8782 https://access.redhat.com/security/cve/CVE-2019-8783 https://access.redhat.com/security/cve/CVE-2019-8808 https://access.redhat.com/security/cve/CVE-2019-8811 https://access.redhat.com/security/cve/CVE-2019-8812 https://access.redhat.com/security/cve/CVE-2019-8813 https://access.redhat.com/security/cve/CVE-2019-8814 https://access.redhat.com/security/cve/CVE-2019-8815 https://access.redhat.com/security/cve/CVE-2019-8816 https://access.redhat.com/security/cve/CVE-2019-8819 https://access.redhat.com/security/cve/CVE-2019-8820 https://access.redhat.com/security/cve/CVE-2019-8823 https://access.redhat.com/security/cve/CVE-2019-8835 https://access.redhat.com/security/cve/CVE-2019-8844 https://access.redhat.com/security/cve/CVE-2019-8846 https://access.redhat.com/security/cve/CVE-2019-13050 https://access.redhat.com/security/cve/CVE-2019-13225 https://access.redhat.com/security/cve/CVE-2019-13627 https://access.redhat.com/security/cve/CVE-2019-14889 https://access.redhat.com/security/cve/CVE-2019-15165 https://access.redhat.com/security/cve/CVE-2019-15903 https://access.redhat.com/security/cve/CVE-2019-16168 https://access.redhat.com/security/cve/CVE-2019-16935 https://access.redhat.com/security/cve/CVE-2019-17450 https://access.redhat.com/security/cve/CVE-2019-17546 https://access.redhat.com/security/cve/CVE-2019-19221 https://access.redhat.com/security/cve/CVE-2019-19906 https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20218 https://access.redhat.com/security/cve/CVE-2019-20387 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2019-20454 https://access.redhat.com/security/cve/CVE-2019-20807 https://access.redhat.com/security/cve/CVE-2019-20907 https://access.redhat.com/security/cve/CVE-2019-20916 https://access.redhat.com/security/cve/CVE-2020-1730 https://access.redhat.com/security/cve/CVE-2020-1751 https://access.redhat.com/security/cve/CVE-2020-1752 https://access.redhat.com/security/cve/CVE-2020-1971 https://access.redhat.com/security/cve/CVE-2020-3862 https://access.redhat.com/security/cve/CVE-2020-3864 https://access.redhat.com/security/cve/CVE-2020-3865 https://access.redhat.com/security/cve/CVE-2020-3867 https://access.redhat.com/security/cve/CVE-2020-3868 https://access.redhat.com/security/cve/CVE-2020-3885 https://access.redhat.com/security/cve/CVE-2020-3894 https://access.redhat.com/security/cve/CVE-2020-3895 https://access.redhat.com/security/cve/CVE-2020-3897 https://access.redhat.com/security/cve/CVE-2020-3898 https://access.redhat.com/security/cve/CVE-2020-3899 https://access.redhat.com/security/cve/CVE-2020-3900 https://access.redhat.com/security/cve/CVE-2020-3901 https://access.redhat.com/security/cve/CVE-2020-3902 https://access.redhat.com/security/cve/CVE-2020-6405 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/cve/CVE-2020-8492 https://access.redhat.com/security/cve/CVE-2020-8566 https://access.redhat.com/security/cve/CVE-2020-8619 https://access.redhat.com/security/cve/CVE-2020-8622 https://access.redhat.com/security/cve/CVE-2020-8623 https://access.redhat.com/security/cve/CVE-2020-8624 https://access.redhat.com/security/cve/CVE-2020-9327 https://access.redhat.com/security/cve/CVE-2020-9802 https://access.redhat.com/security/cve/CVE-2020-9803 https://access.redhat.com/security/cve/CVE-2020-9805 https://access.redhat.com/security/cve/CVE-2020-9806 https://access.redhat.com/security/cve/CVE-2020-9807 https://access.redhat.com/security/cve/CVE-2020-9843 https://access.redhat.com/security/cve/CVE-2020-9850 https://access.redhat.com/security/cve/CVE-2020-9862 https://access.redhat.com/security/cve/CVE-2020-9893 https://access.redhat.com/security/cve/CVE-2020-9894 https://access.redhat.com/security/cve/CVE-2020-9895 https://access.redhat.com/security/cve/CVE-2020-9915 https://access.redhat.com/security/cve/CVE-2020-9925 https://access.redhat.com/security/cve/CVE-2020-10018 https://access.redhat.com/security/cve/CVE-2020-10029 https://access.redhat.com/security/cve/CVE-2020-11793 https://access.redhat.com/security/cve/CVE-2020-13630 https://access.redhat.com/security/cve/CVE-2020-13631 https://access.redhat.com/security/cve/CVE-2020-13632 https://access.redhat.com/security/cve/CVE-2020-14040 https://access.redhat.com/security/cve/CVE-2020-14382 https://access.redhat.com/security/cve/CVE-2020-14391 https://access.redhat.com/security/cve/CVE-2020-14422 https://access.redhat.com/security/cve/CVE-2020-15157 https://access.redhat.com/security/cve/CVE-2020-15503 https://access.redhat.com/security/cve/CVE-2020-15999 https://access.redhat.com/security/cve/CVE-2020-24659 https://access.redhat.com/security/cve/CVE-2020-24750 https://access.redhat.com/security/cve/CVE-2020-25211 https://access.redhat.com/security/cve/CVE-2020-25658 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYDZx29zjgjWX9erEAQiEgw/8DBuxuo7e4Ww4JhGygUbWXrPRpqJ7EJGr drhHbl+7uxzEcIIPBh3yN41AHKAJDfdCrGglmGdqrtDjrO94T+yVOucl0wwFPOoY 0zSdNBgpQlgRIzbmtpsDFv3N09kP6rWiUMbCGWiGTPKTSzYKP1T7ugA2WeK5pwXR QeEbmp4Ewbur3KOgdcj75++PgJ8OIQhZcN+u5q/6ThcKmXOUSflVp1U6V8X5vm6i vyV91W2uQcbE3ttBp2n2utrDi1c2C6dQL8AcnApetB/Kz7tHxviW+ZV9hzOhQEtd w4rMKx4HTntvWnvrETVTxYI4Zq+Zs4CAGVfemika/GzhM9z+BTsmeoNXEWVDcp3X g+4ItofTYQON4WhPBzaPdCLFNbBIOxZpqFbVblVouwCw5e+QKOx0PJPtLk5XlePt ofKaoxgu9OYonOafKvTncZu4gBL4vNHrggnDBB8TKxgojh6lELImxAndjuD8hmca 2WWhFDqANz4ib4ldVfPvLm6uwaXpqCNgYNYWMtzWTSYtr/K3emmKWDzfRn2UXFEB aFeds0m0Z7DBMnlq2wEecaZMYW1r10AZs/MAlpTkeiRu7EGOlepiw5HKFBZFhkUB vAHKSnP4VTZRNTG5xa5b4abWcYYAJo3dvvsLGTwy4aBM4j/zR01mDbXYE3+APfHS uytAlyUdH6c=Ibze -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless_applications/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time 1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time 1906381 - Release of OpenShift Serverless Serving 1.12.0 1906382 - Release of OpenShift Serverless Eventing 1.12.0 5

Trust: 2.34

sources: NVD: CVE-2019-19956 // JVNDB: JVNDB-2019-013540 // VULMON: CVE-2019-19956 // PACKETSTORM: 161727 // PACKETSTORM: 161548 // PACKETSTORM: 161016 // PACKETSTORM: 159553 // PACKETSTORM: 161916 // PACKETSTORM: 161536 // PACKETSTORM: 160961

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	30	Trust: 1.0
vendor:	xmlsoft	model:	libxml2	scope:	lt	version:	2.9.10	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	netapp	model:	clustered data ontap	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.10	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	clustered data ontap antivirus connector	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	real user experience insight	scope:	eq	version:	13.3.1.0	Trust: 1.0
vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	netapp	model:	ontap select deploy administration utility	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	netapp	model:	manageability software development kit	scope:	eq	version:	-	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	siemens	model:	sinema remote connect server	scope:	lt	version:	3.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	xmlsoft	model:	libxml2	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-013540 // NVD: CVE-2019-19956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-19956
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2019-19956
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-19956
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201912-1088
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-19956
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-19956
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2019-19956
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2019-19956
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2019-19956 // CNNVD: CNNVD-201912-1088 // JVNDB: JVNDB-2019-013540 // NVD: CVE-2019-19956 // NVD: CVE-2019-19956

PROBLEMTYPE DATA

problemtype:	CWE-772	Trust: 1.0
problemtype:	CWE-401	Trust: 1.0
problemtype:	Lack of resource release after valid lifetime (CWE-772) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2019-013540 // NVD: CVE-2019-19956

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-1088

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-1088

PATCH

title:	[SECURITY] [DLA 2048-1] libxml2 security update xmlsoft.orgGNOME GIT REPOSITORY	url:	https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html	Trust: 0.8
title:	libxml2 Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=106417	Trust: 0.6
title:	Red Hat: Moderate: libxml2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204479 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: libxml2 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203996 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: libxml2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4274-1	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202646 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202644 - Security Advisory	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2020-1438	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1438	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1534	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1534	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=0d160980ab72db34060d62c89304b6f2	Trust: 0.1
title:	Red Hat: Moderate: Release of OpenShift Serverless 1.11.0	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205149 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204255 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204254 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Release of OpenShift Serverless 1.12.0	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210146 - Security Advisory	Trust: 0.1
title:	Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204264 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210190 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Quay v3.3.3 bug fix and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210050 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210436 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3201548b0e11fd3ecd83fd36fc045a8e	Trust: 0.1
title:	Red Hat: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205605 - Security Advisory	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1
title:	-	url:	https://github.com/vincent-deng/veracode-container-security-finding-parser	Trust: 0.1

sources: VULMON: CVE-2019-19956 // CNNVD: CNNVD-201912-1088 // JVNDB: JVNDB-2019-013540

EXTERNAL IDS

db:	NVD	id:	CVE-2019-19956	Trust: 3.2
db:	SIEMENS	id:	SSA-292794	Trust: 1.7
db:	ICS CERT	id:	ICSA-21-103-08	Trust: 1.7
db:	JVN	id:	JVNVU96269392	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-013540	Trust: 0.8
db:	PACKETSTORM	id:	161727	Trust: 0.7
db:	PACKETSTORM	id:	159553	Trust: 0.7
db:	PACKETSTORM	id:	161916	Trust: 0.7
db:	PACKETSTORM	id:	161536	Trust: 0.7
db:	PACKETSTORM	id:	160961	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.0584	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.3732	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1207	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3535	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2604	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1744	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4513	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1242	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1727	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4058	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1826	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2162	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3364	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0234	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3631	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2475	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0864	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0471	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0845	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0025	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3868	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0986	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3550	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0691	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4100	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3102	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0319	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1193	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0171	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0099	Trust: 0.6
db:	PACKETSTORM	id:	160889	Trust: 0.6
db:	PACKETSTORM	id:	159851	Trust: 0.6
db:	PACKETSTORM	id:	162142	Trust: 0.6
db:	PACKETSTORM	id:	161429	Trust: 0.6
db:	PACKETSTORM	id:	159661	Trust: 0.6
db:	PACKETSTORM	id:	162130	Trust: 0.6
db:	PACKETSTORM	id:	159349	Trust: 0.6
db:	PACKETSTORM	id:	156276	Trust: 0.6
db:	PACKETSTORM	id:	158168	Trust: 0.6
db:	PACKETSTORM	id:	160125	Trust: 0.6
db:	PACKETSTORM	id:	162694	Trust: 0.6
db:	CS-HELP	id:	SB2021041514	Trust: 0.6
db:	CS-HELP	id:	SB2021052216	Trust: 0.6
db:	CS-HELP	id:	SB2022072097	Trust: 0.6
db:	CS-HELP	id:	SB2021111735	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-1088	Trust: 0.6
db:	VULMON	id:	CVE-2019-19956	Trust: 0.1
db:	PACKETSTORM	id:	161548	Trust: 0.1
db:	PACKETSTORM	id:	161016	Trust: 0.1

sources: VULMON: CVE-2019-19956 // PACKETSTORM: 161727 // PACKETSTORM: 161548 // PACKETSTORM: 161016 // PACKETSTORM: 159553 // PACKETSTORM: 161916 // PACKETSTORM: 161536 // PACKETSTORM: 160961 // CNNVD: CNNVD-201912-1088 // JVNDB: JVNDB-2019-013540 // NVD: CVE-2019-19956

REFERENCES

url:	https://usn.ubuntu.com/4274-1/	Trust: 2.4
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 2.1
url:	https://gitlab.gnome.org/gnome/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20200114-0002/	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf	Trust: 1.7
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 1.3
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5r55zr52rmbx24tqtwhciwkjvrv6yawi/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jdpf3aavkuakdyfmfksiqsvvs3eefpqh/	Trust: 1.1
url:	https://jvn.jp/vu/jvnvu96269392/index.html	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2020-1971	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5r55zr52rmbx24tqtwhciwkjvrv6yawi/	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jdpf3aavkuakdyfmfksiqsvvs3eefpqh/	Trust: 0.6
url:	https://www.debian.org/lts/security/2019/dla-2048	Trust: 0.6
url:	https://packetstormsecurity.com/files/161536/red-hat-security-advisory-2020-5635-01.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6455281	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3535/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052216	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2162/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1727	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1207	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-libxml2-vulnerabilities-cve-2019-19956-cve-2019-20388-cve-2020-7595/	Trust: 0.6
url:	https://packetstormsecurity.com/files/161429/red-hat-security-advisory-2021-0436-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-4/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0171/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-vulnerabilities-in-libxml2/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4100/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6520474	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0845	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0025/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0691	Trust: 0.6
url:	https://packetstormsecurity.com/files/162694/red-hat-security-advisory-2021-2021-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0099/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4058	Trust: 0.6
url:	https://packetstormsecurity.com/files/160889/red-hat-security-advisory-2021-0050-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/160125/red-hat-security-advisory-2020-5149-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/160961/red-hat-security-advisory-2021-0146-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3868/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1744	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072097	Trust: 0.6
url:	https://packetstormsecurity.com/files/158168/red-hat-security-advisory-2020-2646-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021111735	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2475/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0319/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0471/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4513/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0234/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0584	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-6/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1193	Trust: 0.6
url:	https://vigilance.fr/vulnerability/libxml2-memory-leak-via-xmlparsebalancedchunkmemoryrecover-31236	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerabilities-in-libxml2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0864	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.3732	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0986	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creator-bomc-is-affected-by-vulnerabilities-in-libxml2/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159349/red-hat-security-advisory-2020-3996-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-6/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2604	Trust: 0.6
url:	https://packetstormsecurity.com/files/159851/red-hat-security-advisory-2020-4479-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/156276/ubuntu-security-notice-usn-4274-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1242	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041514	Trust: 0.6
url:	https://packetstormsecurity.com/files/159661/red-hat-security-advisory-2020-4264-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1826/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3102/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3550	Trust: 0.6
url:	https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-vulnerabilities-in-libxml2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-5/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3631/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3364/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-20907	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20907	Trust: 0.5
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.5
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19906	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-13627	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-1730	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-6405	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-19906	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20387	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13050	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-13050	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-20387	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13627	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-14889	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-20218	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5018	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-1751	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-13632	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16168	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-16168	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20218	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-10029	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-24659	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-13630	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-1752	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-9327	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20454	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19221	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-19221	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-16935	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16935	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-13631	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-5018	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14889	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-20454	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17006	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-12749	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-12401	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1971	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14866	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-17006	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-11719	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-17023	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17023	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12749	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-6829	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-14866	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-8177	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-12403	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12400	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11756	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-11756	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-12243	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-12400	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-11727	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12243	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11719	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11727	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-17498	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17498	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-12402	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17450	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20916	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-15165	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-14382	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-17450	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15165	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-20916	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-8492	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-14422	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12402	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12401	Trust: 0.2
url:	https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12403	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-25211	Trust: 0.2
url:	https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13631	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10029	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13630	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-27813	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9925	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9802	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9895	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8625	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8812	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-3899	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8819	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-3867	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8720	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9893	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8808	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-3902	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-3900	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8743	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9805	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8820	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9807	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8769	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8710	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8813	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9850	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8710	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8811	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9803	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9862	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-3885	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-15503	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20807	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-10018	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8835	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8764	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8844	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-3865	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-3864	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-14391	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-3862	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-3901	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8823	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-3895	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11793	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8720	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9894	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8816	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9843	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8771	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-3897	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9806	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8814	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8743	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9915	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8815	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8625	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8783	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20807	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8766	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-3868	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8846	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-3894	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-8782	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5188	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17546	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-17546	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5094	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-5188	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-5094	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/401.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4479	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11023	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20228	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20253	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11023	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0778	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11022	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12723	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20191	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20180	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20178	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5766	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11022	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35678	Trust: 0.1
url:	https://issues.jboss.org/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10726	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10725	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10723	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10725	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10722	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10722	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10726	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:5364	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:5633	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0190	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11068	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18197	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-18197	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-1551	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1551	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/updating/updating-cluster	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11068	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-12652	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19126	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1240	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20386	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-18874	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12450	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4255	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14973	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14822	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12652	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14822	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20386	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18874	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14365	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19126	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5482	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14973	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5482	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-5313	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12450	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0949	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8177	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.4/cli_reference/openshift_developer_cli/installing-odo.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7595	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6829	Trust: 0.1
url:	https://access.redhat.com/errata/rhea-2020:5633	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8624	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.7/updating/updating-cluster	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13225	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8623	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8566	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:5635	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15157	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-25658	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15999	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3884	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3884	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8622	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13225	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3121	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14040	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24750	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8619	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3898	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1752	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0146	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1730	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28362	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24553	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13632	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24553	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24659	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1751	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28366	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28362	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28366	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28367	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28367	Trust: 0.1

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 161727 // PACKETSTORM: 161548 // PACKETSTORM: 161016 // PACKETSTORM: 159553 // PACKETSTORM: 161916 // PACKETSTORM: 161536 // PACKETSTORM: 160961

SOURCES

db:	VULMON	id:	CVE-2019-19956
db:	PACKETSTORM	id:	161727
db:	PACKETSTORM	id:	161548
db:	PACKETSTORM	id:	161016
db:	PACKETSTORM	id:	159553
db:	PACKETSTORM	id:	161916
db:	PACKETSTORM	id:	161536
db:	PACKETSTORM	id:	160961
db:	CNNVD	id:	CNNVD-201912-1088
db:	JVNDB	id:	JVNDB-2019-013540
db:	NVD	id:	CVE-2019-19956

LAST UPDATE DATE

2026-01-15T21:16:18.199000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-19956	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201912-1088	date:	2023-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-013540	date:	2021-06-16T05:02:00
db:	NVD	id:	CVE-2019-19956	date:	2025-12-03T19:15:50.247

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-19956	date:	2019-12-24T00:00:00
db:	PACKETSTORM	id:	161727	date:	2021-03-09T16:25:11
db:	PACKETSTORM	id:	161548	date:	2021-02-25T15:30:03
db:	PACKETSTORM	id:	161016	date:	2021-01-19T14:45:45
db:	PACKETSTORM	id:	159553	date:	2020-10-14T16:52:18
db:	PACKETSTORM	id:	161916	date:	2021-03-22T15:36:55
db:	PACKETSTORM	id:	161536	date:	2021-02-25T15:26:54
db:	PACKETSTORM	id:	160961	date:	2021-01-15T15:06:55
db:	CNNVD	id:	CNNVD-201912-1088	date:	2019-12-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-013540	date:	2020-01-09T00:00:00
db:	NVD	id:	CVE-2019-19956	date:	2019-12-24T16:15:11.450