ID

VAR-201912-1044


CVE

CVE-2019-19956


TITLE

Red Hat Security Advisory 2021-2021-01

Trust: 0.1

sources: PACKETSTORM: 162694

DESCRIPTION

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. Summary: Openshift Serverless 1.10.2 is now available. Solution: See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.5/html/serverless_applications/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1918761 - CVE-2021-3115 golang: cmd/go: packages using cgo can cause arbitrary code execution at build time 5. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Container Storage provisions a multicloud data management service with an S3 compatible API. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1806266 - Require an extension to the cephfs subvolume commands, that can return metadata regarding a subvolume 1813506 - Dockerfile not compatible with docker and buildah 1817438 - OSDs not distributed uniformly across OCS nodes on a 9-node AWS IPI setup 1817850 - [BAREMETAL] rook-ceph-operator does not reconcile when osd deployment is deleted when performed node replacement 1827157 - OSD hitting default CPU limit on AWS i3en.2xlarge instances limiting performance 1829055 - [RFE] add insecureEdgeTerminationPolicy: Redirect to noobaa mgmt route (http to https) 1833153 - add a variable for sleep time of rook operator between checks of downed OSD+Node. 1836299 - NooBaa Operator deploys with HPA that fires maxreplicas alerts by default 1842254 - [NooBaa] Compression stats do not add up when compression id disabled 1845976 - OCS 4.5 Independent mode: must-gather commands fails to collect ceph command outputs from external cluster 1849771 - [RFE] Account created by OBC should have same permissions as bucket owner 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1854500 - [tracker-rhcs bug 1838931] mgr/volumes: add command to return metadata of a subvolume snapshot 1854501 - [Tracker-rhcs bug 1848494 ]pybind/mgr/volumes: Add the ability to keep snapshots of subvolumes independent of the source subvolume 1854503 - [tracker-rhcs-bug 1848503] cephfs: Provide alternatives to increase the total cephfs subvolume snapshot counts to greater than the current 400 across a Cephfs volume 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1858195 - [GSS] registry pod stuck in ContainerCreating due to pvc from cephfs storage class fail to mount 1859183 - PV expansion is failing in retry loop in pre-existing PV after upgrade to OCS 4.5 (i.e. if the PV spec does not contain expansion params) 1859229 - Rook should delete extra MON PVCs in case first reconcile takes too long and rook skips "b" and "c" (spawned from Bug 1840084#c14) 1859478 - OCS 4.6 : Upon deployment, CSI Pods in CLBO with error - flag provided but not defined: -metadatastorage 1860022 - OCS 4.6 Deployment: LBP CSV and pod should not be deployed since ob/obc CRDs are owned from OCS 4.5 onwards 1860034 - OCS 4.6 Deployment in ocs-ci : Toolbox pod in ContainerCreationError due to key admin-secret not found 1860670 - OCS 4.5 Uninstall External: Openshift-storage namespace in Terminating state as CephObjectStoreUser had finalizers remaining 1860848 - Add validation for rgw-pool-prefix in the ceph-external-cluster-details-exporter script 1861780 - [Tracker BZ1866386][IBM s390x] Mount Failed for CEPH while running couple of OCS test cases. 1865938 - CSIDrivers missing in OCS 4.6 1867024 - [ocs-operator] operator v4.6.0-519.ci is in Installing state 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868060 - [External Cluster] Noobaa-default-backingstore PV in released state upon OCS 4.5 uninstall (Secret not found) 1868703 - [rbd] After volume expansion, the new size is not reflected on the pod 1869411 - capture full crash information from ceph 1870061 - [RHEL][IBM] OCS un-install should make the devices raw 1870338 - OCS 4.6 must-gather : ocs-must-gather-xxx-helper pod in ContainerCreationError (couldn't find key admin-secret) 1870631 - OCS 4.6 Deployment : RGW pods went into 'CrashLoopBackOff' state on Z Platform 1872119 - Updates don't work on StorageClass which will keep PV expansion disabled for upgraded cluster 1872696 - [ROKS][RFE]NooBaa Configure IBM COS as default backing store 1873864 - Noobaa: On an baremetal RHCOS cluster, some backingstores are stuck in PROGRESSING state with INVALID_ENDPOINT TemporaryError 1874606 - CVE-2020-7720 nodejs-node-forge: prototype pollution via the util.setPath function 1875476 - Change noobaa logo in the noobaa UI 1877339 - Incorrect use of logr 1877371 - NooBaa UI warning message on Deploy Kubernetes Pool process - typo and shown number is incorrect 1878153 - OCS 4.6 must-gather: collect node information under cluster_scoped_resources/oc_output directory 1878714 - [FIPS enabled] BadDigest error on file upload to noobaa bucket 1878853 - [External Mode] ceph-external-cluster-details-exporter.py does not tolerate TLS enabled RGW 1879008 - ocs-osd-removal job fails because it can't find admin-secret in rook-ceph-mon secret 1879072 - Deployment with encryption at rest is failing to bring up OSD pods 1879919 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed 1880255 - Collect rbd info and subvolume info and snapshot info command output 1881028 - CVE-2020-8237 nodejs-json-bigint: Prototype pollution via `__proto__` assignment could result in DoS 1881071 - [External] Upgrade mechanism from OCS 4.5 to OCS 4.6 needs to be fixed 1882397 - MCG decompression problem with snappy on s390x arch 1883253 - CSV doesn't contain values required for UI to enable minimal deployment and cluster encryption 1883398 - Update csi sidecar containers in rook 1883767 - Using placement strategies in cluster-service.yaml causes ocs-operator to crash 1883810 - [External mode] RGW metrics is not available after OCS upgrade from 4.5 to 4.6 1883927 - Deployment with encryption at rest is failing to bring up OSD pods 1885175 - Handle disappeared underlying device for encrypted OSD 1885428 - panic seen in rook-ceph during uninstall - "close of closed channel" 1885648 - [Tracker for https://bugzilla.redhat.com/show_bug.cgi?id=1885700] FSTYPE for localvolumeset devices shows up as ext2 after uninstall 1885971 - ocs-storagecluster-cephobjectstore doesn't report true state of RGW 1886308 - Default VolumeSnapshot Classes not created in External Mode 1886348 - osd removal job failed with status "Error" 1886551 - Clone creation failed after timeout of 5 hours of Azure platrom for 3 CephFS PVCs ( PVC sizes: 1, 25 and 100 GB) 1886709 - [External] RGW storageclass disappears after upgrade from OCS 4.5 to 4.6 1886859 - OCS 4.6: Uninstall stuck indefinitely if any Ceph pods are in Pending state before uninstall 1886873 - [OCS 4.6 External/Internal Uninstall] - Storage Cluster deletion stuck indefinitely, "failed to delete object store", remaining users: [noobaa-ceph-objectstore-user] 1888583 - [External] When deployment is attempted without specifying the monitoring-endpoint while generating JSON, the CSV is stuck in installing state 1888593 - [External] Add validation for monitoring-endpoint and port in the exporter script 1888614 - [External] Unreachable monitoring-endpoint used during deployment causes ocs-operator to crash 1889441 - Traceback error message while running OCS 4.6 must-gather 1889683 - [GSS] Noobaa Problem when setting public access to a bucket 1889866 - Post node power off/on, an unused MON PVC still stays back in the cluster 1890183 - [External] ocs-operator logs are filled with "failed to reconcile metrics exporter" 1890638 - must-gather helper pod should be deleted after collecting ceph crash info 1890971 - [External] RGW metrics are not available if anything else except 9283 is provided as the monitoring-endpoint-port 1891856 - ocs-metrics-exporter pod should have tolerations for OCS taint 1892206 - [GSS] Ceph image/version mismatch 1892234 - clone #95 creation failed for CephFS PVC ( 10 GB PVC size) during multiple clones creation test 1893624 - Must Gather is not collecting the tar file from NooBaa diagnose 1893691 - OCS4.6 must_gather failes to complete in 600sec 1893714 - Bad response for upload an object with encryption 1895402 - Mon pods didn't get upgraded in 720 second timeout from OCS 4.5 upgrade to 4.6 1896298 - [RFE] Monitoring for Namespace buckets and resources 1896831 - Clone#452 for RBD PVC ( PVC size 1 GB) failed to be created for 600 secs 1898521 - [CephFS] Deleting cephfsplugin pod along with app pods will make PV remain in Released state after deleting the PVC 1902627 - must-gather should wait for debug pods to be in ready state 1904171 - RGW Service is unavailable for a short period during upgrade to OCS 4.6 5. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. The compliance-operator image updates are now available for OpenShift Container Platform 4.6. This advisory provides the following updates among others: * Enhances profile parsing time. * Fixes excessive resource consumption from the Operator. * Fixes default content image. * Fixes outdated remediation handling. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918990 - ComplianceSuite scans use quay content image for initContainer 1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present 1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules 1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console. Bug Fix(es): * Aggregator pod tries to parse ConfigMaps without results (BZ#1899479) * The compliancesuite object returns error with ocp4-cis tailored profile (BZ#1902251) * The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object (BZ#1902634) * [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object (BZ#1907414) * The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator (BZ#1908991) * Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" (BZ#1909081) * [OCP v46] Always update the default profilebundles on Compliance operator startup (BZ#1909122) 3. Bugs fixed (https://bugzilla.redhat.com/): 1899479 - Aggregator pod tries to parse ConfigMaps without results 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1902251 - The compliancesuite object returns error with ocp4-cis tailored profile 1902634 - The compliancesuite does not trigger when there are multiple rhcos4 profiles added in scansettingbinding object 1907414 - [OCP v46] Not all remediations get applied through machineConfig although the status of all rules shows Applied in ComplianceRemediations object 1908991 - The profile parser pod deployment and associated profiles should get removed after upgrade the compliance operator 1909081 - Applying the "rhcos4-moderate" compliance profile leads to Ignition error "something else exists at that path" 1909122 - [OCP v46] Always update the default profilebundles on Compliance operator startup 5. Description: Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks. Bugs fixed (https://bugzilla.redhat.com/): 1832983 - Release of 1.1.3 odo-init-image 5. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. Bugs fixed (https://bugzilla.redhat.com/): 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1723723 - CVE-2018-20843 expat: large number of colons in input makes parser consume high amount of resources, leading to DoS 1752592 - CVE-2019-15903 expat: heap-based buffer over-read via crafted XML input 1788856 - CVE-2019-19956 libxml2: There's a memory leak in xmlParseBalancedChunkMemoryRecover in parser.c that could result in a crash 1799734 - CVE-2019-20388 libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c 1799786 - CVE-2020-7595 libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations 1820772 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized value 1844929 - CVE-2020-11080 nghttp2: overly large SETTINGS frames can lead to DoS 5. JIRA issues fixed (https://issues.jboss.org/): JBCS-941 - Upgrade mod_cluster native to 1.3.13 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libxml2 security update Advisory ID: RHSA-2020:4479-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4479 Issue date: 2020-11-03 CVE Names: CVE-2019-19956 CVE-2019-20388 CVE-2020-7595 ==================================================================== 1. Summary: An update for libxml2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The desktop must be restarted (log out, then log back in) for this update to take effect. 5. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: libxml2-debuginfo-2.9.7-8.el8.aarch64.rpm libxml2-debugsource-2.9.7-8.el8.aarch64.rpm libxml2-devel-2.9.7-8.el8.aarch64.rpm python3-libxml2-debuginfo-2.9.7-8.el8.aarch64.rpm ppc64le: libxml2-debuginfo-2.9.7-8.el8.ppc64le.rpm libxml2-debugsource-2.9.7-8.el8.ppc64le.rpm libxml2-devel-2.9.7-8.el8.ppc64le.rpm python3-libxml2-debuginfo-2.9.7-8.el8.ppc64le.rpm s390x: libxml2-debuginfo-2.9.7-8.el8.s390x.rpm libxml2-debugsource-2.9.7-8.el8.s390x.rpm libxml2-devel-2.9.7-8.el8.s390x.rpm python3-libxml2-debuginfo-2.9.7-8.el8.s390x.rpm x86_64: libxml2-debuginfo-2.9.7-8.el8.i686.rpm libxml2-debuginfo-2.9.7-8.el8.x86_64.rpm libxml2-debugsource-2.9.7-8.el8.i686.rpm libxml2-debugsource-2.9.7-8.el8.x86_64.rpm libxml2-devel-2.9.7-8.el8.i686.rpm libxml2-devel-2.9.7-8.el8.x86_64.rpm python3-libxml2-debuginfo-2.9.7-8.el8.i686.rpm python3-libxml2-debuginfo-2.9.7-8.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: libxml2-2.9.7-8.el8.src.rpm aarch64: libxml2-2.9.7-8.el8.aarch64.rpm libxml2-debuginfo-2.9.7-8.el8.aarch64.rpm libxml2-debugsource-2.9.7-8.el8.aarch64.rpm python3-libxml2-2.9.7-8.el8.aarch64.rpm python3-libxml2-debuginfo-2.9.7-8.el8.aarch64.rpm ppc64le: libxml2-2.9.7-8.el8.ppc64le.rpm libxml2-debuginfo-2.9.7-8.el8.ppc64le.rpm libxml2-debugsource-2.9.7-8.el8.ppc64le.rpm python3-libxml2-2.9.7-8.el8.ppc64le.rpm python3-libxml2-debuginfo-2.9.7-8.el8.ppc64le.rpm s390x: libxml2-2.9.7-8.el8.s390x.rpm libxml2-debuginfo-2.9.7-8.el8.s390x.rpm libxml2-debugsource-2.9.7-8.el8.s390x.rpm python3-libxml2-2.9.7-8.el8.s390x.rpm python3-libxml2-debuginfo-2.9.7-8.el8.s390x.rpm x86_64: libxml2-2.9.7-8.el8.i686.rpm libxml2-2.9.7-8.el8.x86_64.rpm libxml2-debuginfo-2.9.7-8.el8.i686.rpm libxml2-debuginfo-2.9.7-8.el8.x86_64.rpm libxml2-debugsource-2.9.7-8.el8.i686.rpm libxml2-debugsource-2.9.7-8.el8.x86_64.rpm python3-libxml2-2.9.7-8.el8.x86_64.rpm python3-libxml2-debuginfo-2.9.7-8.el8.i686.rpm python3-libxml2-debuginfo-2.9.7-8.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX6I21tzjgjWX9erEAQjPWQ/9HUwbjkw/cY8D3Rd6eR/cQbQjwrpJdOHJ YIZQ3ZgphMhXXNMZmPfFTI2cwLkirN7uH73KtT3+LOsepnzhyhRghQgRUaLYFXgl OMUCjzevES36P3bY9N2rk6xvfU4pnpeWb94t6sEiJuWdCDIs52UY41ODOnGVJorw mxYe8rtP3FAAicPOG/OEWFiTZxH3inn2TbWixRHH1eG7ySvjbQfbfjA4e5zoY84K EizU1IVu9rJfgnwfknKDote31LjHzvbw5SsCyAHlMz6f4Z7UhHefOlVAyB6XHFjF rN5ADjtF1B5wjxtYSGmnfNxsrdtDyOC5T31EA2EC5qyQ6XBL9GUix8BPmK0fPXxI BXXNYmwSXsIaeAwq6d5LbSBNI5ntU6tDyZ7lvDNkEgI4sRxIBZ84IVeDbLcgOwJv OA/M0eg2o7uKiNF0DV4ZVHCVHeH5LoaBhrq/0B21FkM9JxRX8vEwhavkR9oVW331 yFlmYiZpOQkD6P0omCtwED4jmCg9hdRCfXCbUbYpmpWoK9Plp3hY/v2RfUEMROYV R+o8hCb1wbiyIPLVvsuVppM/rUUfuQ6sd9FwwsbjgdeCrx+++wCX/NwlzIPwtT4F Gnj1SaXE0/5Ilyb3Tqq1QYcLe7YfVk/0Iip9V+t4HPyWRVOFFYexqjXZCNt2L8JS NiiH7H8gSOo\xba8C -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.89

sources: NVD: CVE-2019-19956 // VULMON: CVE-2019-19956 // PACKETSTORM: 162694 // PACKETSTORM: 160624 // PACKETSTORM: 161727 // PACKETSTORM: 161429 // PACKETSTORM: 161016 // PACKETSTORM: 159553 // PACKETSTORM: 161916 // PACKETSTORM: 158168 // PACKETSTORM: 159851 // PACKETSTORM: 159552

AFFECTED PRODUCTS

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:30

Trust: 1.0

vendor:xmlsoftmodel:libxml2scope:ltversion:2.9.10

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.10

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:netappmodel:clustered data ontap antivirus connectorscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:real user experience insightscope:eqversion:13.3.1.0

Trust: 1.0

vendor:netappmodel:steelstore cloud integrated storagescope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:netappmodel:ontap select deploy administration utilityscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:netappmodel:manageability software development kitscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

sources: NVD: CVE-2019-19956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19956
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2019-19956
value: HIGH

Trust: 1.0

VULMON: CVE-2019-19956
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-19956
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2019-19956
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

sources: VULMON: CVE-2019-19956 // NVD: CVE-2019-19956 // NVD: CVE-2019-19956

PROBLEMTYPE DATA

problemtype:CWE-772

Trust: 1.0

problemtype:CWE-401

Trust: 1.0

sources: NVD: CVE-2019-19956

THREAT TYPE

remote

Trust: 0.1

sources: PACKETSTORM: 160624

TYPE

memory leak

Trust: 0.2

sources: PACKETSTORM: 158168 // PACKETSTORM: 159851

PATCH

title:Red Hat: Moderate: libxml2 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204479 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: libxml2 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203996 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: libxml2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4274-1

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202646 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202644 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2020-1438url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1438

Trust: 0.1

title:Amazon Linux 2: ALAS2-2020-1534url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1534

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=0d160980ab72db34060d62c89304b6f2

Trust: 0.1

title:Red Hat: Moderate: Release of OpenShift Serverless 1.11.0url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205149 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204255 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204254 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Release of OpenShift Serverless 1.12.0url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210146 - Security Advisory

Trust: 0.1

title:Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204264 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210190 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: Red Hat Quay v3.3.3 bug fix and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210050 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210436 - Security Advisory

Trust: 0.1

title:IBM: Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3201548b0e11fd3ecd83fd36fc045a8e

Trust: 0.1

title:Red Hat: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205605 - Security Advisory

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title: - url:https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

sources: VULMON: CVE-2019-19956

EXTERNAL IDS

db:NVDid:CVE-2019-19956

Trust: 2.1

db:SIEMENSid:SSA-292794

Trust: 1.1

db:ICS CERTid:ICSA-21-103-08

Trust: 1.1

db:VULMONid:CVE-2019-19956

Trust: 0.1

db:PACKETSTORMid:162694

Trust: 0.1

db:PACKETSTORMid:160624

Trust: 0.1

db:PACKETSTORMid:161727

Trust: 0.1

db:PACKETSTORMid:161429

Trust: 0.1

db:PACKETSTORMid:161016

Trust: 0.1

db:PACKETSTORMid:159553

Trust: 0.1

db:PACKETSTORMid:161916

Trust: 0.1

db:PACKETSTORMid:158168

Trust: 0.1

db:PACKETSTORMid:159851

Trust: 0.1

db:PACKETSTORMid:159552

Trust: 0.1

sources: VULMON: CVE-2019-19956 // PACKETSTORM: 162694 // PACKETSTORM: 160624 // PACKETSTORM: 161727 // PACKETSTORM: 161429 // PACKETSTORM: 161016 // PACKETSTORM: 159553 // PACKETSTORM: 161916 // PACKETSTORM: 158168 // PACKETSTORM: 159851 // PACKETSTORM: 159552 // NVD: CVE-2019-19956

REFERENCES

url:https://usn.ubuntu.com/4274-1/

Trust: 1.2

url:https://gitlab.gnome.org/gnome/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20200114-0002/

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf

Trust: 1.1

url:https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5r55zr52rmbx24tqtwhciwkjvrv6yawi/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jdpf3aavkuakdyfmfksiqsvvs3eefpqh/

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2020-7595

Trust: 1.0

url:https://access.redhat.com/security/cve/cve-2019-20388

Trust: 1.0

url:https://access.redhat.com/security/cve/cve-2019-19956

Trust: 1.0

url:https://access.redhat.com/security/team/contact/

Trust: 1.0

url:https://bugzilla.redhat.com/):

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-20388

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-19956

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.7

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.7

url:https://access.redhat.com/security/cve/cve-2019-20907

Trust: 0.6

url:https://access.redhat.com/security/cve/cve-2019-16935

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-20907

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-16935

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2020-8177

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2019-20454

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-13050

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-8492

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-16168

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-9327

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-13630

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-20387

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-13050

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-14889

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-1730

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-19906

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-13627

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-19221

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-6405

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-13631

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-5018

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-13632

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-14422

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-20218

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-7595

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-20916

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17006

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-12749

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12401

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-17006

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-11719

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-17023

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17023

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-12749

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-6829

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12403

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-12400

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11756

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-11756

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12243

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12400

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-11727

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-12243

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-1971

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11719

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-11727

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2019-17498

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17498

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2020-12402

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-20916

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-19221

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-19906

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-5018

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20218

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20387

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-13627

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-14889

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20454

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-16168

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9925

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9802

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9895

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8625

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-15165

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-14382

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8812

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3899

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8819

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-11068

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3867

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8720

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9893

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8808

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3902

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-18197

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-1751

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3900

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9805

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8820

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9807

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8769

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8710

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8813

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9850

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8811

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9803

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9862

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-1551

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3885

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-15503

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-10018

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8835

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8764

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8844

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3865

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3864

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-14391

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3862

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3901

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8823

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-1752

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3895

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-11793

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9894

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8816

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9843

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8771

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3897

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9806

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8814

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8743

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-9915

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8815

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-10029

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8783

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20807

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-11068

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8766

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8846

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3868

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-3894

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-8782

Trust: 0.3

url:https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-20386

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-20386

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-5188

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-5094

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-5188

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-5094

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2020:4479

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12402

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1971

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12401

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-12403

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18197

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8743

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8710

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-24659

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20807

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-1551

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.6/updating/updating-cluster

Trust: 0.2

url:https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-15165

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8720

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-8625

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-12652

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19126

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-1240

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-18874

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-12450

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-17546

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14973

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17546

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14822

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2017-12652

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-14822

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18874

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14365

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19126

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-5482

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-14973

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-5482

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-5313

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-12450

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/401.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20305

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13631

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14422

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13632

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000858

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3115

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-9327

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3114

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000858

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:2021

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8492

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13630

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1730

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6405

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3449

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-3450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16300

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14466

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10105

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15166

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16230

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18609

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-16845

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14467

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10103

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14469

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16229

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14882

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16227

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14461

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14881

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14463

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16228

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14879

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_openshift_container_s

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14469

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10105

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14880

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14461

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5605

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25660

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14468

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14466

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14882

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-15586

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16227

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16230

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14468

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14467

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14462

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14880

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14881

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16300

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14462

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16229

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16451

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10103

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16228

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14463

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16451

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14040

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14879

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14019

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14470

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14470

Trust: 0.1

url:https://bugzilla.redhat.com/show_bug.cgi?id=1885700]

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-14465

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-16452

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7720

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8237

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-12723

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20372

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10878

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20228

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20253

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11023

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0778

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11022

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12723

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20191

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20180

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2016-5766

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10878

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-20178

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2016-5766

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20372

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11022

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10543

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-35678

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28362

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0436

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17450

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0190

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17450

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-27813

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4255

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:0949

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-8177

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.4/cli_reference/openshift_developer_cli/installing-odo.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-6829

Trust: 0.1

url:https://issues.jboss.org/):

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11080

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp&downloadtype=securitypatches&version=2.4.37

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0197

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1934

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.37/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2646

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0197

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11080

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1934

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0196

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4254

Trust: 0.1

sources: VULMON: CVE-2019-19956 // PACKETSTORM: 162694 // PACKETSTORM: 160624 // PACKETSTORM: 161727 // PACKETSTORM: 161429 // PACKETSTORM: 161016 // PACKETSTORM: 159553 // PACKETSTORM: 161916 // PACKETSTORM: 158168 // PACKETSTORM: 159851 // PACKETSTORM: 159552 // NVD: CVE-2019-19956

CREDITS

Red Hat

Trust: 1.0

sources: PACKETSTORM: 162694 // PACKETSTORM: 160624 // PACKETSTORM: 161727 // PACKETSTORM: 161429 // PACKETSTORM: 161016 // PACKETSTORM: 159553 // PACKETSTORM: 161916 // PACKETSTORM: 158168 // PACKETSTORM: 159851 // PACKETSTORM: 159552

SOURCES

db:VULMONid:CVE-2019-19956
db:PACKETSTORMid:162694
db:PACKETSTORMid:160624
db:PACKETSTORMid:161727
db:PACKETSTORMid:161429
db:PACKETSTORMid:161016
db:PACKETSTORMid:159553
db:PACKETSTORMid:161916
db:PACKETSTORMid:158168
db:PACKETSTORMid:159851
db:PACKETSTORMid:159552
db:NVDid:CVE-2019-19956

LAST UPDATE DATE

2026-07-07T09:04:35.372000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2019-19956date:2023-11-07T00:00:00
db:NVDid:CVE-2019-19956date:2025-12-03T19:15:50.247

SOURCES RELEASE DATE

db:VULMONid:CVE-2019-19956date:2019-12-24T00:00:00
db:PACKETSTORMid:162694date:2021-05-19T14:19:18
db:PACKETSTORMid:160624date:2020-12-18T19:14:41
db:PACKETSTORMid:161727date:2021-03-09T16:25:11
db:PACKETSTORMid:161429date:2021-02-16T15:44:48
db:PACKETSTORMid:161016date:2021-01-19T14:45:45
db:PACKETSTORMid:159553date:2020-10-14T16:52:18
db:PACKETSTORMid:161916date:2021-03-22T15:36:55
db:PACKETSTORMid:158168date:2020-06-22T15:55:22
db:PACKETSTORMid:159851date:2020-11-04T15:29:08
db:PACKETSTORMid:159552date:2020-10-14T16:52:12
db:NVDid:CVE-2019-19956date:2019-12-24T16:15:11.450