var-201908-0261
Vulnerability from variot
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. Description:
Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. See the download link given in the references section below.
The References section of this erratum contains a download link (you must log in to download the update). Description:
Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.
It is recommended to halt the server by stopping the JBoss Application Server process before installing this update; after installing the update, restart the server by starting the JBoss Application Server process. Description:
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat Data Grid 7.3.2 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Solution:
To install this update, do the following:
- Download the Data Grid 7.3.3 server patch from the customer portal. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes for patching instructions. Restart Data Grid to ensure the changes take effect. The purpose of this text-only errata is to inform you about the security issues fixed in this release. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0
SwiftNIO HTTP/2 1.5.0 is now available and addresses the following:
SwiftNIO HTTP/2 Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later Impact: A HTTP/2 server may consume unbounded amounts of memory when receiving certain traffic patterns and eventually suffer resource exhaustion Description: This issue was addressed with improved buffer size management. CVE-2019-9512: Jonathan Looney of Netflix CVE-2019-9514: Jonathan Looney of Netflix CVE-2019-9515: Jonathan Looney of Netflix CVE-2019-9516: Jonathan Looney of Netflix
SwiftNIO HTTP/2 Available for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on macOS Sierra 10.12 and later and Ubuntu 14.04 and later Impact: A HTTP/2 server may consume excessive CPU resources when receiving certain traffic patterns Description: This issue was addressed with improved input validation. CVE-2019-9518: Piotr Sikora of Google, Envoy Security Team
Installation note:
SwiftNIO HTTP/2 1.5.0 may be obtained via Swift Package Manager.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 and https://github.com/apple/swift-nio-http2/releases/tag/1.5.0. Description:
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: rh-nodejs10-nodejs security update Advisory ID: RHSA-2019:2939-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2019:2939 Issue date: 2019-09-30 CVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 CVE-2019-9517 CVE-2019-9518 =====================================================================
- Summary:
An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs (10.16.3).
Security Fix(es):
-
HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)
-
HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)
-
HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)
-
HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)
-
HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)
-
HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)
-
HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
-
HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm
aarch64: rh-nodejs10-3.2-3.el7.aarch64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.aarch64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.aarch64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.aarch64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.aarch64.rpm rh-nodejs10-runtime-3.2-3.el7.aarch64.rpm rh-nodejs10-scldevel-3.2-3.el7.aarch64.rpm
noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm
ppc64le: rh-nodejs10-3.2-3.el7.ppc64le.rpm rh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm rh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm rh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm
s390x: rh-nodejs10-3.2-3.el7.s390x.rpm rh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm rh-nodejs10-runtime-3.2-3.el7.s390x.rpm rh-nodejs10-scldevel-3.2-3.el7.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm
aarch64: rh-nodejs10-3.2-3.el7.aarch64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.aarch64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.aarch64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.aarch64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.aarch64.rpm rh-nodejs10-runtime-3.2-3.el7.aarch64.rpm rh-nodejs10-scldevel-3.2-3.el7.aarch64.rpm
noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm
ppc64le: rh-nodejs10-3.2-3.el7.ppc64le.rpm rh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm rh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm rh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm
s390x: rh-nodejs10-3.2-3.el7.s390x.rpm rh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm rh-nodejs10-runtime-3.2-3.el7.s390x.rpm rh-nodejs10-scldevel-3.2-3.el7.s390x.rpm
x86_64: rh-nodejs10-3.2-3.el7.x86_64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm rh-nodejs10-runtime-3.2-3.el7.x86_64.rpm rh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm
noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm
ppc64le: rh-nodejs10-3.2-3.el7.ppc64le.rpm rh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm rh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm rh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm
s390x: rh-nodejs10-3.2-3.el7.s390x.rpm rh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm rh-nodejs10-runtime-3.2-3.el7.s390x.rpm rh-nodejs10-scldevel-3.2-3.el7.s390x.rpm
x86_64: rh-nodejs10-3.2-3.el7.x86_64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm rh-nodejs10-runtime-3.2-3.el7.x86_64.rpm rh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm
noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm
ppc64le: rh-nodejs10-3.2-3.el7.ppc64le.rpm rh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm rh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm rh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm
s390x: rh-nodejs10-3.2-3.el7.s390x.rpm rh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm rh-nodejs10-runtime-3.2-3.el7.s390x.rpm rh-nodejs10-scldevel-3.2-3.el7.s390x.rpm
x86_64: rh-nodejs10-3.2-3.el7.x86_64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm rh-nodejs10-runtime-3.2-3.el7.x86_64.rpm rh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm
noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm
ppc64le: rh-nodejs10-3.2-3.el7.ppc64le.rpm rh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm rh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm rh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm
s390x: rh-nodejs10-3.2-3.el7.s390x.rpm rh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm rh-nodejs10-runtime-3.2-3.el7.s390x.rpm rh-nodejs10-scldevel-3.2-3.el7.s390x.rpm
x86_64: rh-nodejs10-3.2-3.el7.x86_64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm rh-nodejs10-runtime-3.2-3.el7.x86_64.rpm rh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-nodejs10-3.2-3.el7.src.rpm rh-nodejs10-nodejs-10.16.3-3.el7.src.rpm
noarch: rh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm
x86_64: rh-nodejs10-3.2-3.el7.x86_64.rpm rh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm rh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm rh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm rh-nodejs10-runtime-3.2-3.el7.x86_64.rpm rh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9513 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9516 https://access.redhat.com/security/cve/CVE-2019-9517 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXZKSV9zjgjWX9erEAQjWxw//TqsnsdfKIaX7qXrxNwXVylKrY8SrbeXt x6Qvt8AOqLn+F+JmManmBtNm9jcpuhGiKmnukzZUpWNhjJiofb2kocQHvvIJ9067 /sTyDXnFmoPYwWVjBhgw24wr/7IZc8qRFTL+Tsz2XVi/kwT2IKrq5erOb9CKVFG1 YYZ0hJKVpcrVoMTgbwp26epTsl2/CcENdNcaL8A31Hn4hBVUYU5FAx9ZTrSnOwV9 QKJ04S0BN5ChgQSXmGYGL02U5GZtA9GWPdDGH0JDckX1t4zwya8Q467xKfbmhp+n AFwBxnP5f/j7VCjwr+vM/XU4BBiK6S82LhGUQgv+uCCaLAFFA2NxRMaa25te7i/u Gu3f5O6OIfkmrPAhHsMfjqXKWJRigc8o26LAT9uGJ9j1FI5xAEa927/xQm08dopo Jvcp8hsf8bi0VM36QSJVarv9aXxJVLpQWBroCV6/Ed+Sxb+Tru/h0G1o8Cwsv6L5 OzMkws/4bxutdFf97MpF1XMxmVrTUE2Wg1lkDOAw0VSikCxgvIhS4heAtIT+nJcR DY+uqboU4KSHFRkol1tIAqlZchD7b+liLbok2Z75NSX4Jg/M3cXfRvw8DKyB8dNc vDET3a6LRCpyR+okLS2hLfb7jTEvi8rOq8Ywsc7caj4hgKsWkRXgo1udbecn0Vrf NSxxFO6EuZE= =bNnl -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-0261", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "7.7.2.0" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "7.7.2.24" }, { "model": "vs960hd", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "8.16.1" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "10.12.0" }, { "model": "openshift service mesh", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "software collections", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "8.9.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "29" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.2.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.0.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2.0" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "8.2.0" }, { "model": "jboss enterprise application platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "12.0.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.13.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "8.0.0" }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "8.0.0" }, { "model": "diskstation manager", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": "6.2" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "12.8.1" }, { "model": "swiftnio", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "1.4.0" }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "7.0.0" }, { "model": "quay", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "3.0.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "jboss core services", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "1.0" }, { "model": "traffic server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "7.1.6" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "8.0" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "8.1.0" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "10.16.3" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "traffic server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "8.0.3" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "30" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "7.8.2.13" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "skynas", "scope": "eq", "trust": 1.0, "vendor": "synology", "version": null }, { "model": "swiftnio", "scope": "gte", "trust": 1.0, "vendor": "apple", "version": "1.0.0" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "7.8.2.0" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "8.8.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "19.04" }, { "model": "traffic server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "6.0.0" }, { "model": "traffic server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "6.2.3" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "akamai", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "amazon", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache traffic server", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cloudflare", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "envoy", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "facebook", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "go programming language", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "litespeed", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "netty", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "node js", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "synology", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "twisted", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "grpc", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nghttp2", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "nginx", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "NVD", "id": "CVE-2019-9518" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apple:swiftnio:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.4.0", "versionStartIncluding": "1.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "10.12", "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "14.04", "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.3", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.1.6", "versionStartIncluding": "7.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.2.3", "versionStartIncluding": "6.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:synology:skynas:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_service_mesh:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:graalvm:19.2.0:*:*:*:enterprise:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.7.2.24", "versionStartIncluding": "7.7.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.8.2.13", "versionStartIncluding": "7.8.2.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.2.0", "versionStartIncluding": "8.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "8.8.1", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndIncluding": "10.12.0", "versionStartIncluding": "10.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*", "cpe_name": [], "versionEndExcluding": "12.8.1", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "10.16.3", "versionStartIncluding": "10.13.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*", "cpe_name": [], "versionEndExcluding": "8.16.1", "versionStartIncluding": "8.9.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2019-9518" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "155728" }, { "db": "PACKETSTORM", "id": "155352" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "154712" }, { "db": "PACKETSTORM", "id": "157214" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "156941" }, { "db": "PACKETSTORM", "id": "156852" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "CNNVD", "id": "CNNVD-201908-940" } ], "trust": 1.5 }, "cve": "CVE-2019-9518", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-160953", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "cret@cert.org", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2019-9518", "trust": 1.0, "value": "HIGH" }, { "author": "cret@cert.org", "id": "CVE-2019-9518", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201908-940", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-160953", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-160953" }, { "db": "CNNVD", "id": "CNNVD-201908-940" }, { "db": "NVD", "id": "CVE-2019-9518" }, { "db": "NVD", "id": "CVE-2019-9518" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU. Multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. HTTP/2 is the second version of the hypertext transfer protocol, which is mainly used to ensure the communication between the client and the server. A resource management error vulnerability exists in HTTP/2. An attacker could exploit this vulnerability to cause a denial of service. Description:\n\nRed Hat Fuse provides a small-footprint, flexible, open source enterprise\nservice bus and integration platform. Red Hat A-MQ is a standards compliant\nmessaging system that is tailored for use in mission critical applications. It\nincludes bug fixes, which are documented in the patch notes accompanying\nthe package on the download page. See the download link given in the\nreferences section below. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). Description:\n\nRed Hat Process Automation Manager is an open source business process\nmanagement suite that combines process management and decision service\nmanagement and enables business and IT users to create, manage, validate,\nand deploy process applications and decision services. \n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update; after installing the update,\nrestart the server by starting the JBoss Application Server process. Description:\n\nRed Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the\nInfinispan project. \n\nThis release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat\nData Grid 7.3.2 and includes bug fixes and enhancements, which are\ndescribed in the Release Notes, linked to in the References section of this\nerratum. Solution:\n\nTo install this update, do the following:\n\n1. Download the Data Grid 7.3.3 server patch from the customer portal. Back up your existing Data Grid installation. You should back up\ndatabases, configuration files, and so on. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes\nfor patching instructions. Restart Data Grid to ensure the changes take effect. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-08-13-5 SwiftNIO HTTP/2 1.5.0\n\nSwiftNIO HTTP/2 1.5.0 is now available and addresses the following:\n\nSwiftNIO HTTP/2\nAvailable for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on\nmacOS Sierra 10.12 and later and Ubuntu 14.04 and later\nImpact: A HTTP/2 server may consume unbounded amounts of memory when\nreceiving certain traffic patterns and eventually suffer resource\nexhaustion\nDescription: This issue was addressed with improved buffer size\nmanagement. \nCVE-2019-9512: Jonathan Looney of Netflix\nCVE-2019-9514: Jonathan Looney of Netflix\nCVE-2019-9515: Jonathan Looney of Netflix\nCVE-2019-9516: Jonathan Looney of Netflix\n\nSwiftNIO HTTP/2\nAvailable for: SwiftNIO HTTP/2 1.0.0 through 1.4.0 on\nmacOS Sierra 10.12 and later and Ubuntu 14.04 and later\nImpact: A HTTP/2 server may consume excessive CPU resources when\nreceiving certain traffic patterns\nDescription: This issue was addressed with improved input validation. \nCVE-2019-9518: Piotr Sikora of Google, Envoy Security Team\n\nInstallation note:\n\nSwiftNIO HTTP/2 1.5.0 may be obtained via Swift Package Manager. \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222 and\nhttps://github.com/apple/swift-nio-http2/releases/tag/1.5.0. Description:\n\nAMQ Broker is a high-performance messaging implementation based on ActiveMQ\nArtemis. It uses an asynchronous journal for fast message persistence, and\nsupports multiple languages, protocols, and platforms. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: rh-nodejs10-nodejs security update\nAdvisory ID: RHSA-2019:2939-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2939\nIssue date: 2019-09-30\nCVE Names: CVE-2019-9511 CVE-2019-9512 CVE-2019-9513 \n CVE-2019-9514 CVE-2019-9515 CVE-2019-9516 \n CVE-2019-9517 CVE-2019-9518 \n=====================================================================\n\n1. Summary:\n\nAn update for rh-nodejs10-nodejs is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nNode.js is a software development platform for building fast and scalable\nnetwork applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version:\nrh-nodejs10-nodejs (10.16.3). \n\nSecurity Fix(es):\n\n* HTTP/2: large amount of data requests leads to denial of service\n(CVE-2019-9511)\n\n* HTTP/2: flood using PING frames results in unbounded memory growth\n(CVE-2019-9512)\n\n* HTTP/2: flood using PRIORITY frames results in excessive resource\nconsumption (CVE-2019-9513)\n\n* HTTP/2: flood using HEADERS frames results in unbounded memory growth\n(CVE-2019-9514)\n\n* HTTP/2: flood using SETTINGS frames results in unbounded memory growth\n(CVE-2019-9515)\n\n* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)\n\n* HTTP/2: request for large response leads to denial of service\n(CVE-2019-9517)\n\n* HTTP/2: flood using empty frames results in excessive resource\nconsumption (CVE-2019-9518)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\naarch64:\nrh-nodejs10-3.2-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.aarch64.rpm\nrh-nodejs10-runtime-3.2-3.el7.aarch64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.aarch64.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nppc64le:\nrh-nodejs10-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm\nrh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs10-3.2-3.el7.s390x.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm\nrh-nodejs10-runtime-3.2-3.el7.s390x.rpm\nrh-nodejs10-scldevel-3.2-3.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\naarch64:\nrh-nodejs10-3.2-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.aarch64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.aarch64.rpm\nrh-nodejs10-runtime-3.2-3.el7.aarch64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.aarch64.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nppc64le:\nrh-nodejs10-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm\nrh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs10-3.2-3.el7.s390x.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm\nrh-nodejs10-runtime-3.2-3.el7.s390x.rpm\nrh-nodejs10-scldevel-3.2-3.el7.s390x.rpm\n\nx86_64:\nrh-nodejs10-3.2-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm\nrh-nodejs10-runtime-3.2-3.el7.x86_64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nppc64le:\nrh-nodejs10-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm\nrh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs10-3.2-3.el7.s390x.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm\nrh-nodejs10-runtime-3.2-3.el7.s390x.rpm\nrh-nodejs10-scldevel-3.2-3.el7.s390x.rpm\n\nx86_64:\nrh-nodejs10-3.2-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm\nrh-nodejs10-runtime-3.2-3.el7.x86_64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nppc64le:\nrh-nodejs10-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm\nrh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs10-3.2-3.el7.s390x.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm\nrh-nodejs10-runtime-3.2-3.el7.s390x.rpm\nrh-nodejs10-scldevel-3.2-3.el7.s390x.rpm\n\nx86_64:\nrh-nodejs10-3.2-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm\nrh-nodejs10-runtime-3.2-3.el7.x86_64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nppc64le:\nrh-nodejs10-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.ppc64le.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.ppc64le.rpm\nrh-nodejs10-runtime-3.2-3.el7.ppc64le.rpm\nrh-nodejs10-scldevel-3.2-3.el7.ppc64le.rpm\n\ns390x:\nrh-nodejs10-3.2-3.el7.s390x.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.s390x.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.s390x.rpm\nrh-nodejs10-runtime-3.2-3.el7.s390x.rpm\nrh-nodejs10-scldevel-3.2-3.el7.s390x.rpm\n\nx86_64:\nrh-nodejs10-3.2-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm\nrh-nodejs10-runtime-3.2-3.el7.x86_64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-nodejs10-3.2-3.el7.src.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.src.rpm\n\nnoarch:\nrh-nodejs10-nodejs-docs-10.16.3-3.el7.noarch.rpm\n\nx86_64:\nrh-nodejs10-3.2-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-debuginfo-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-nodejs-devel-10.16.3-3.el7.x86_64.rpm\nrh-nodejs10-npm-6.9.0-10.16.3.3.el7.x86_64.rpm\nrh-nodejs10-runtime-3.2-3.el7.x86_64.rpm\nrh-nodejs10-scldevel-3.2-3.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-9511\nhttps://access.redhat.com/security/cve/CVE-2019-9512\nhttps://access.redhat.com/security/cve/CVE-2019-9513\nhttps://access.redhat.com/security/cve/CVE-2019-9514\nhttps://access.redhat.com/security/cve/CVE-2019-9515\nhttps://access.redhat.com/security/cve/CVE-2019-9516\nhttps://access.redhat.com/security/cve/CVE-2019-9517\nhttps://access.redhat.com/security/cve/CVE-2019-9518\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXZKSV9zjgjWX9erEAQjWxw//TqsnsdfKIaX7qXrxNwXVylKrY8SrbeXt\nx6Qvt8AOqLn+F+JmManmBtNm9jcpuhGiKmnukzZUpWNhjJiofb2kocQHvvIJ9067\n/sTyDXnFmoPYwWVjBhgw24wr/7IZc8qRFTL+Tsz2XVi/kwT2IKrq5erOb9CKVFG1\nYYZ0hJKVpcrVoMTgbwp26epTsl2/CcENdNcaL8A31Hn4hBVUYU5FAx9ZTrSnOwV9\nQKJ04S0BN5ChgQSXmGYGL02U5GZtA9GWPdDGH0JDckX1t4zwya8Q467xKfbmhp+n\nAFwBxnP5f/j7VCjwr+vM/XU4BBiK6S82LhGUQgv+uCCaLAFFA2NxRMaa25te7i/u\nGu3f5O6OIfkmrPAhHsMfjqXKWJRigc8o26LAT9uGJ9j1FI5xAEa927/xQm08dopo\nJvcp8hsf8bi0VM36QSJVarv9aXxJVLpQWBroCV6/Ed+Sxb+Tru/h0G1o8Cwsv6L5\nOzMkws/4bxutdFf97MpF1XMxmVrTUE2Wg1lkDOAw0VSikCxgvIhS4heAtIT+nJcR\nDY+uqboU4KSHFRkol1tIAqlZchD7b+liLbok2Z75NSX4Jg/M3cXfRvw8DKyB8dNc\nvDET3a6LRCpyR+okLS2hLfb7jTEvi8rOq8Ywsc7caj4hgKsWkRXgo1udbecn0Vrf\nNSxxFO6EuZE=\n=bNnl\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2019-9518" }, { "db": "CERT/CC", "id": "VU#605641" }, { "db": "VULHUB", "id": "VHN-160953" }, { "db": "PACKETSTORM", "id": "155728" }, { "db": "PACKETSTORM", "id": "155352" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "154712" }, { "db": "PACKETSTORM", "id": "157214" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "156941" }, { "db": "PACKETSTORM", "id": "154058" }, { "db": "PACKETSTORM", "id": "156852" }, { "db": "PACKETSTORM", "id": "154693" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-9518", "trust": 2.7 }, { "db": "CERT/CC", "id": "VU#605641", "trust": 2.5 }, { "db": "MCAFEE", "id": "SB10296", "trust": 1.7 }, { "db": "PACKETSTORM", "id": "158651", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201908-940", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "155728", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "155352", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157214", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156628", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156941", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "156852", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.1335", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3597.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0832", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0100", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2619", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4596", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4238", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4343", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1427", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0643", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3597.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0007", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.5666", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1030", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4586", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4332", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1076", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4737", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3325", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4645", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3299", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4788", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3412", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.4665", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3114", "trust": 0.6 }, { "db": "NSFOCUS", "id": "43922", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-19-346-01", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072128", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158650", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-160953", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154712", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154058", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154693", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "VULHUB", "id": "VHN-160953" }, { "db": "PACKETSTORM", "id": "155728" }, { "db": "PACKETSTORM", "id": "155352" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "154712" }, { "db": "PACKETSTORM", "id": "157214" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "156941" }, { "db": "PACKETSTORM", "id": "154058" }, { "db": "PACKETSTORM", "id": "156852" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "CNNVD", "id": "CNNVD-201908-940" }, { "db": "NVD", "id": "CVE-2019-9518" } ] }, "id": "VAR-201908-0261", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-160953" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:56:58.444000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HTTP/2 Remedial measures to achieve security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=96623" } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-940" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-770", "trust": 1.1 }, { "problemtype": "CWE-400", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-160953" }, { "db": "NVD", "id": "CVE-2019-9518" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://github.com/netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "trust": 2.5, "url": "https://www.synology.com/security/advisory/synology_sa_19_33" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:3892" }, { "trust": 2.4, "url": "https://access.redhat.com/errata/rhsa-2019:4352" }, { "trust": 2.3, "url": "https://www.debian.org/security/2019/dsa-4520" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2939" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2019:2955" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2020:0727" }, { "trust": 1.7, "url": "https://seclists.org/bugtraq/2019/aug/24" }, { "trust": 1.7, "url": "https://seclists.org/bugtraq/2019/sep/18" }, { "trust": 1.7, "url": "https://kb.cert.org/vuls/id/605641/" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20190823-0005/" }, { "trust": 1.7, "url": "http://seclists.org/fulldisclosure/2019/aug/16" }, { "trust": 1.7, "url": "https://access.redhat.com/errata/rhsa-2019:2925" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "trust": 1.6, "url": "https://blogs.akamai.com/sitr/2019/08/http2-vulnerabilities.html" }, { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9518" }, { "trust": 1.6, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10296" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k46011592" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9514" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9515" }, { "trust": 1.0, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9512" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61%40%3cusers.trafficserver.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d%40%3cannounce.trafficserver.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3ccommits.druid.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107%40%3cdev.trafficserver.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc%40%3ccommits.cassandra.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75%40%3ccommits.cassandra.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/" }, { "trust": 1.0, "url": "https://support.f5.com/csp/article/k46011592?utm_source=f5support\u0026amp%3butm_medium=rss" }, { "trust": 0.9, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2019-9512" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2019-9514" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2019-9515" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2019-9518" }, { "trust": 0.9, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.9, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.9, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.8, "url": "https://vuls.cert.org/confluence/pages/viewpage.action?pageid=56393752" }, { "trust": 0.8, "url": "https://tools.ietf.org/html/rfc7540" }, { "trust": 0.8, "url": "https://tools.ietf.org/html/rfc7541" }, { "trust": 0.8, "url": "https://blog.cloudflare.com/on-the-recent-http-2-dos-attacks/" }, { "trust": 0.8, "url": "https://blog.litespeedtech.com/2019/08/15/litespeed-addresses-http-2-dos-advisories/" }, { "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9511https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9512https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9513https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9514https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-9518" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cmnfx5mnyrwwimo4btkyqcgudmho3axp/" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4zqghe3wtylyayjeidjvf2figqtaypmc/" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/r99a625fb17032646d96cd23dec49603ff630e9318e44a686d63046bc@%3ccommits.cassandra.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/rd31230d01fa6aad18bdadc0720acd1747e53690bd35f73a48e7a9b75@%3ccommits.cassandra.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3ccommits.druid.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/2653c56545573b528f3f6352a29eccaf498bd6fb2a6a59568d81a61d@%3cannounce.trafficserver.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/ff5b0821a6985159a832ff6d1a4bd311ac07ecc7db1e2d8bab619107@%3cdev.trafficserver.apache.org%3e" }, { "trust": 0.7, "url": "https://lists.apache.org/thread.html/091b518265bce56a16af87b77c8cfacda902a02079e866f9fdf13b61@%3cusers.trafficserver.apache.org%3e" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516" }, { "trust": 0.6, "url": "https://support.f5.com/csp/article/k46011592?utm_source=f5support\u0026utm_medium=rss" }, { "trust": 0.6, "url": "http2-cves/" }, { "trust": 0.6, "url": "https://www.cloudfoundry.org/blog/various-" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9518" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9517" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9516" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9515" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9514" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9513" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9512" }, { "trust": 0.6, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9511" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192260-1.html" }, { "trust": 0.6, "url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_xrx19-029_ffpsv2_win10_securitybulletin_nov2019.pdf" }, { "trust": 0.6, "url": "https://support.apple.com/en-au/ht210436" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192254-1.html" }, { "trust": 0.6, "url": "https://support.f5.com/csp/article/k50233772" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1126605" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1104951" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-01" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1109787" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1109781" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1108515" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1109775" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1165894" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1165906" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1135167" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1164346" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1164364" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200059-1.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1128387" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157214/red-hat-security-advisory-2020-1445-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4788/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4586/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-protect-plus-cve-2019-15606-cve-2019-15604-cve-2019-15605-cve-2019-9511-cve-2019-9516-cve-2019-9512-cve-2019-9517-cve-2019-951/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4332/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0643/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1143454" }, { "trust": 0.6, "url": "http2-implementation-vulnerablility/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/155728/red-hat-security-advisory-2019-4352-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2619/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3114/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-kubernetes-affect-ibm-infosphere-information-server/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3299/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.5666" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-websphere-application-server-liberty-affect-ibm-spectrum-protect-operations-center-and-client-management-service/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1335/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.3/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4737/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0832/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1137466" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/http-2-multiple-vulnerabilities-30040" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-operations-analytics-predictive-insights-cve-2019-9514-cve-2019-9512-cve-2019-9518-cve-2019-9515/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/43922" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1076/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3325/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156628/red-hat-security-advisory-2020-0727-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1127397" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1427/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4645/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3597.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4665/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-netty-affect-ibm-netcool-agile-service-manager/" }, { "trust": 0.6, "url": "https://pivotal.io/security/cve-2019-9517" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-vulnerabilities-in-websphere-application-server-liberty-cve-2019-9515-cve-2019-9518-cve-2019-9517-cve-2019-9512-cve-2019-9514-c/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4596/" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht210436" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-websphere-application-server-affect-ibm-sterling-b2b-integrator/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156852/red-hat-security-advisory-2020-0922-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/156941/red-hat-security-advisory-2020-0983-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072128" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-information-server-is-affected-by-multiple-vulnerabilities-in-websphere-application-server-liberty/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158651/red-hat-security-advisory-2020-3197-01.html" }, { "trust": 0.6, "url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9518" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1150960" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4343/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0100/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1167160" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0007/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.4238/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3412/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/155352/red-hat-security-advisory-2019-3892-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1165852" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1030/" }, { "trust": 0.6, "url": "https://www.ibm.com/support/pages/node/1127853" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-9517" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2019-9516" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-16869" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16869" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2019-9511" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-10173" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10173" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20444" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20445" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-20444" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-7238" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20445" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-9513" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0201" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12384" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0201" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-12384" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-0222" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10247" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0222" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7238" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10241" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10247" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10241" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10174" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10184" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-3888" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3888" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10184" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-10174" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14379" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10296" }, { "trust": 0.1, "url": "https://support.f5.com/csp/article/k46011592?utm_source=f5support\u0026amp;amp;utm_medium=rss" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=securitypatches\u0026version=6.3" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq.broker\u0026downloadtype=securitypatches\u0026version=6.3.0" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.3/html/release_notes/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11796" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0204" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15095" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-19360" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-8034" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12022" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14720" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000850" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.5.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000850" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12023" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17485" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8009" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-8034" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.5/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11775" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11796" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-19362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1131" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1131" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0204" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12023" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14721" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-12022" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11775" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11307" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14860" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-17485" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-15095" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-8009" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11307" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14860" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-19361" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14060" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11112" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12406" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9547" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.8/html/release_notes_for_red_hat_process_automation_manager_7.8/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11113" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10968" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1718" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9546" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14060" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13990" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11620" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10672" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.8.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12406" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20330" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14061" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11619" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10673" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1718" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10086" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10086" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13990" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14062" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8840" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10672" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11619" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-10969" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11111" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20330" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12423" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11112" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11612" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12423" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10968" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11111" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10969" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14061" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11113" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14062" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.4.3" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:1445" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.4/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-14335" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product\\xdata.grid\u0026downloadtype=patches\u0026version=7.3" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10212" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10212" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14335" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3805" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-9251" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-11771" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5427" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-5929" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14439" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11272" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.6/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17570" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17570" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.6.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-5929" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-11771" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14439" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3802" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12814" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-15756" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15756" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9251" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-16012" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11272" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3802" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16012" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:0983" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://github.com/apple/swift-nio-http2/releases/tag/1.5.0." }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_amq/7.6/" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.amq.broker\u0026version=7.6.0\u0026productchanged=yes" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:0922" } ], "sources": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "VULHUB", "id": "VHN-160953" }, { "db": "PACKETSTORM", "id": "155728" }, { "db": "PACKETSTORM", "id": "155352" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "154712" }, { "db": "PACKETSTORM", "id": "157214" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "156941" }, { "db": "PACKETSTORM", "id": "154058" }, { "db": "PACKETSTORM", "id": "156852" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "CNNVD", "id": "CNNVD-201908-940" }, { "db": "NVD", "id": "CVE-2019-9518" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#605641" }, { "db": "VULHUB", "id": "VHN-160953" }, { "db": "PACKETSTORM", "id": "155728" }, { "db": "PACKETSTORM", "id": "155352" }, { "db": "PACKETSTORM", "id": "158651" }, { "db": "PACKETSTORM", "id": "154712" }, { "db": "PACKETSTORM", "id": "157214" }, { "db": "PACKETSTORM", "id": "156628" }, { "db": "PACKETSTORM", "id": "156941" }, { "db": "PACKETSTORM", "id": "154058" }, { "db": "PACKETSTORM", "id": "156852" }, { "db": "PACKETSTORM", "id": "154693" }, { "db": "CNNVD", "id": "CNNVD-201908-940" }, { "db": "NVD", "id": "CVE-2019-9518" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-13T00:00:00", "db": "CERT/CC", "id": "VU#605641" }, { "date": "2019-08-13T00:00:00", "db": "VULHUB", "id": "VHN-160953" }, { "date": "2019-12-19T22:07:40", "db": "PACKETSTORM", "id": "155728" }, { "date": "2019-11-15T16:16:10", "db": "PACKETSTORM", "id": "155352" }, { "date": "2020-07-29T17:53:05", "db": "PACKETSTORM", "id": "158651" }, { "date": "2019-10-02T15:03:59", "db": "PACKETSTORM", "id": "154712" }, { "date": "2020-04-14T15:39:41", "db": "PACKETSTORM", "id": "157214" }, { "date": "2020-03-05T14:41:17", "db": "PACKETSTORM", "id": "156628" }, { "date": "2020-03-27T13:16:40", "db": "PACKETSTORM", "id": "156941" }, { "date": "2019-08-14T22:22:22", "db": "PACKETSTORM", "id": "154058" }, { "date": "2020-03-23T15:57:42", "db": "PACKETSTORM", "id": "156852" }, { "date": "2019-09-30T22:22:22", "db": "PACKETSTORM", "id": "154693" }, { "date": "2019-08-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-940" }, { "date": "2019-08-13T21:15:13.003000", "db": "NVD", "id": "CVE-2019-9518" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-11-19T00:00:00", "db": "CERT/CC", "id": "VU#605641" }, { "date": "2020-10-22T00:00:00", "db": "VULHUB", "id": "VHN-160953" }, { "date": "2022-11-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-940" }, { "date": "2023-11-07T03:13:43.380000", "db": "NVD", "id": "CVE-2019-9518" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-940" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HTTP/2 implementations do not robustly handle abnormal traffic and resource exhaustion", "sources": [ { "db": "CERT/CC", "id": "VU#605641" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-940" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.