Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/99534?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/99534?format=api", "purl": "pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-1.Final_redhat_00002.1.ep7?arch=el7", "type": "rpm", "namespace": "redhat", "name": "eap7-log4j-jboss-logmanager", "version": "1.2.2-1.Final_redhat_00002.1.ep7", "qualifiers": { "arch": "el7" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12311?format=api", "vulnerability_id": "VCID-1vfk-arae-ubha", "summary": "Deserialization of Untrusted Data in Log4j 1.x\nJMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23302.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23302.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.7078", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70794", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70817", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.7081", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70765", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70718", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70737", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70713", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70758", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70774", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00647", "scoring_system": "epss", "scoring_elements": "0.70796", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.73859", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00785", "scoring_system": "epss", "scoring_elements": "0.7385", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/logging-log4j1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/logging-log4j1" }, { "reference_url": "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/bsr3l5qz4g0myrjhy9h67bcxodpkwj4w" }, { "reference_url": "https://logging.apache.org/log4j/1.2/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://logging.apache.org/log4j/1.2/index.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220217-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220217-0006" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/18/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/18/3" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482", "reference_id": "1004482", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949", "reference_id": "2041949", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041949" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302", "reference_id": "CVE-2022-23302", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23302" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2022-23302-detect-log4j-1217-vulnerability", "reference_id": "CVE-2022-23302-DETECT-LOG4J-1217-VULNERABILITY", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2022-23302-detect-log4j-1217-vulnerability" }, { "reference_url": "https://www.vicarius.io/vsociety/posts/cve-2022-23302-mitigate-log4j-1217-vulnerability", "reference_id": "CVE-2022-23302-MITIGATE-LOG4J-1217-VULNERABILITY", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.vicarius.io/vsociety/posts/cve-2022-23302-mitigate-log4j-1217-vulnerability" }, { "reference_url": "https://github.com/advisories/GHSA-w9p3-5cr8-m3jj", "reference_id": "GHSA-w9p3-5cr8-m3jj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w9p3-5cr8-m3jj" }, { "reference_url": "https://security.gentoo.org/glsa/202402-16", "reference_id": "GLSA-202402-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0289", "reference_id": "RHSA-2022:0289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0290", "reference_id": "RHSA-2022:0290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0291", "reference_id": "RHSA-2022:0291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0294", "reference_id": "RHSA-2022:0294", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0294" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0430", "reference_id": "RHSA-2022:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0435", "reference_id": "RHSA-2022:0435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0436", "reference_id": "RHSA-2022:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0437", "reference_id": "RHSA-2022:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0438", "reference_id": "RHSA-2022:0438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0439", "reference_id": "RHSA-2022:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0442", "reference_id": "RHSA-2022:0442", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0442" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0444", "reference_id": "RHSA-2022:0444", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0445", "reference_id": "RHSA-2022:0445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0446", "reference_id": "RHSA-2022:0446", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0447", "reference_id": "RHSA-2022:0447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0448", "reference_id": "RHSA-2022:0448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0449", "reference_id": "RHSA-2022:0449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0450", "reference_id": "RHSA-2022:0450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0467", "reference_id": "RHSA-2022:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0469", "reference_id": "RHSA-2022:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0475", "reference_id": "RHSA-2022:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0497", "reference_id": "RHSA-2022:0497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0507", "reference_id": "RHSA-2022:0507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0524", "reference_id": "RHSA-2022:0524", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0524" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0527", "reference_id": "RHSA-2022:0527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0553", "reference_id": "RHSA-2022:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0661", "reference_id": "RHSA-2022:0661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1296", "reference_id": "RHSA-2022:1296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1297", "reference_id": "RHSA-2022:1297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1299", "reference_id": "RHSA-2022:1299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5458", "reference_id": "RHSA-2022:5458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5459", "reference_id": "RHSA-2022:5459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5460", "reference_id": "RHSA-2022:5460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/5998-1/", "reference_id": "USN-5998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5998-1/" }, { "reference_url": "https://usn.ubuntu.com/7590-1/", "reference_id": "USN-7590-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7590-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-23302", "GHSA-w9p3-5cr8-m3jj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vfk-arae-ubha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11784?format=api", "vulnerability_id": "VCID-698m-2hju-2qcv", "summary": "Deserialization of Untrusted Data\nJMSAppender in Log4j is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide `TopicBindingName` and `TopicConnectionFactoryBindingName` configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j when specifically configured to use JMSAppender, which is not the default. Apache Log4j reached end of life in August Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4104.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4104.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4104", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98635", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98653", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98651", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98644", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98643", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98641", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98639", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98648", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98633", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98647", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.69284", "scoring_system": "epss", "scoring_elements": "0.98646", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.72202", "scoring_system": "epss", "scoring_elements": "0.98761", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.72202", "scoring_system": "epss", "scoring_elements": "0.98762", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.72202", "scoring_system": "epss", "scoring_elements": "0.98765", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-4104" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/logging-log4j2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/logging-log4j2" }, { "reference_url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033" }, { "reference_url": "https://security.gentoo.org/glsa/202209-02", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202209-02" }, { "reference_url": "https://security.gentoo.org/glsa/202310-16", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202310-16" }, { "reference_url": "https://security.gentoo.org/glsa/202312-04", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202312-04" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20211223-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211223-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20211223-0007/" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2021-44228", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228" }, { "reference_url": "https://www.kb.cert.org/vuls/id/930724", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.kb.cert.org/vuls/id/930724" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/18/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/18/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667", "reference_id": "2031667", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031667" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-4104", "reference_id": "CVE-2021-4104", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-4104" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104", "reference_id": "CVE-2021-4104", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4104" }, { "reference_url": "https://github.com/advisories/GHSA-fp5r-v3w9-4333", "reference_id": "GHSA-fp5r-v3w9-4333", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fp5r-v3w9-4333" }, { "reference_url": "https://security.gentoo.org/glsa/202312-02", "reference_id": "GLSA-202312-02", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202312-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5107", "reference_id": "RHSA-2021:5107", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5107" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5141", "reference_id": "RHSA-2021:5141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5148", "reference_id": "RHSA-2021:5148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5183", "reference_id": "RHSA-2021:5183", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5183" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5184", "reference_id": "RHSA-2021:5184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5186", "reference_id": "RHSA-2021:5186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5206", "reference_id": "RHSA-2021:5206", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5206" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5269", "reference_id": "RHSA-2021:5269", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5269" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0289", "reference_id": "RHSA-2022:0289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0290", "reference_id": "RHSA-2022:0290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0291", "reference_id": "RHSA-2022:0291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0294", "reference_id": "RHSA-2022:0294", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0294" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0430", "reference_id": "RHSA-2022:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0435", "reference_id": "RHSA-2022:0435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0436", "reference_id": "RHSA-2022:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0437", "reference_id": "RHSA-2022:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0438", "reference_id": "RHSA-2022:0438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0444", "reference_id": "RHSA-2022:0444", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0445", "reference_id": "RHSA-2022:0445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0446", "reference_id": "RHSA-2022:0446", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0447", "reference_id": "RHSA-2022:0447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0448", "reference_id": "RHSA-2022:0448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0449", "reference_id": "RHSA-2022:0449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0450", "reference_id": "RHSA-2022:0450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0475", "reference_id": "RHSA-2022:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0497", "reference_id": "RHSA-2022:0497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0507", "reference_id": "RHSA-2022:0507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0524", "reference_id": "RHSA-2022:0524", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0524" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0527", "reference_id": "RHSA-2022:0527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0553", "reference_id": "RHSA-2022:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0661", "reference_id": "RHSA-2022:0661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1296", "reference_id": "RHSA-2022:1296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1297", "reference_id": "RHSA-2022:1297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1299", "reference_id": "RHSA-2022:1299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5458", "reference_id": "RHSA-2022:5458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5459", "reference_id": "RHSA-2022:5459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5460", "reference_id": "RHSA-2022:5460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/5223-1/", "reference_id": "USN-5223-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5223-1/" }, { "reference_url": "https://usn.ubuntu.com/USN-5223-2/", "reference_id": "USN-USN-5223-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5223-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2021-4104", "GHSA-fp5r-v3w9-4333" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-698m-2hju-2qcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12203?format=api", "vulnerability_id": "VCID-9k99-jzq8-fyge", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nBy design, the JDBCAppender in Log4j accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j when specifically configured to use the JDBCAppender, which is not the default. Beginning, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j reached end of life in August Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23305.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23305.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23305", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92072", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92037", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92045", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.9205", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92062", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92065", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92069", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92077", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07951", "scoring_system": "epss", "scoring_elements": "0.92074", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.09452", "scoring_system": "epss", "scoring_elements": "0.92827", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.09452", "scoring_system": "epss", "scoring_elements": "0.92832", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.1156", "scoring_system": "epss", "scoring_elements": "0.93668", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23305" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/logging-log4j1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/logging-log4j1" }, { "reference_url": "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/pt6lh3pbsvxqlwlp4c5l798dv2hkc85y" }, { "reference_url": "https://logging.apache.org/log4j/1.2/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://logging.apache.org/log4j/1.2/index.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220217-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220217-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220217-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220217-0007/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/01/18/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/01/18/4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482", "reference_id": "1004482", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959", "reference_id": "2041959", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041959" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305", "reference_id": "CVE-2022-23305", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23305" }, { "reference_url": "https://github.com/advisories/GHSA-65fg-84f6-3jq3", "reference_id": "GHSA-65fg-84f6-3jq3", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-65fg-84f6-3jq3" }, { "reference_url": "https://security.gentoo.org/glsa/202402-16", "reference_id": "GLSA-202402-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0289", "reference_id": "RHSA-2022:0289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0290", "reference_id": "RHSA-2022:0290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0291", "reference_id": "RHSA-2022:0291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0294", "reference_id": "RHSA-2022:0294", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0294" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0430", "reference_id": "RHSA-2022:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0435", "reference_id": "RHSA-2022:0435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0436", "reference_id": "RHSA-2022:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0437", "reference_id": "RHSA-2022:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0438", "reference_id": "RHSA-2022:0438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0439", "reference_id": "RHSA-2022:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0442", "reference_id": "RHSA-2022:0442", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0442" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0444", "reference_id": "RHSA-2022:0444", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0445", "reference_id": "RHSA-2022:0445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0446", "reference_id": "RHSA-2022:0446", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0447", "reference_id": "RHSA-2022:0447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0448", "reference_id": "RHSA-2022:0448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0449", "reference_id": "RHSA-2022:0449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0450", "reference_id": "RHSA-2022:0450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0467", "reference_id": "RHSA-2022:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0469", "reference_id": "RHSA-2022:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0475", "reference_id": "RHSA-2022:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0497", "reference_id": "RHSA-2022:0497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0507", "reference_id": "RHSA-2022:0507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0524", "reference_id": "RHSA-2022:0524", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0524" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0527", "reference_id": "RHSA-2022:0527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0553", "reference_id": "RHSA-2022:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0661", "reference_id": "RHSA-2022:0661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1296", "reference_id": "RHSA-2022:1296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1297", "reference_id": "RHSA-2022:1297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1299", "reference_id": "RHSA-2022:1299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5458", "reference_id": "RHSA-2022:5458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5459", "reference_id": "RHSA-2022:5459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5460", "reference_id": "RHSA-2022:5460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/5998-1/", "reference_id": "USN-5998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5998-1/" }, { "reference_url": "https://usn.ubuntu.com/7590-1/", "reference_id": "USN-7590-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7590-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-23305", "GHSA-65fg-84f6-3jq3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9k99-jzq8-fyge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82269?format=api", "vulnerability_id": "VCID-aqt5-2ffy-9bgs", "summary": "HTTP/2: flood using SETTINGS frames results in unbounded memory growth", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9515.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9515.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09046", "scoring_system": "epss", "scoring_elements": "0.92654", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.09046", "scoring_system": "epss", "scoring_elements": "0.92655", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.09046", "scoring_system": "epss", "scoring_elements": "0.92657", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.09046", "scoring_system": "epss", "scoring_elements": "0.92658", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.09046", "scoring_system": "epss", "scoring_elements": "0.92618", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09046", "scoring_system": "epss", "scoring_elements": "0.92629", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09046", "scoring_system": "epss", "scoring_elements": "0.92635", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09046", "scoring_system": "epss", "scoring_elements": "0.92639", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09046", "scoring_system": "epss", "scoring_elements": "0.9264", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.09046", "scoring_system": "epss", "scoring_elements": "0.92652", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.10394", "scoring_system": "epss", "scoring_elements": "0.93194", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10394", "scoring_system": "epss", "scoring_elements": "0.93185", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735745", "reference_id": "1735745", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735745" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886", "reference_id": "934886", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887", "reference_id": "934887", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0922", "reference_id": "RHSA-2020:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0983", "reference_id": "RHSA-2020:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1445", "reference_id": "RHSA-2020:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2565", "reference_id": "RHSA-2020:2565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2565" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3196", "reference_id": "RHSA-2020:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3197", "reference_id": "RHSA-2020:3197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/USN-4866-1/", "reference_id": "USN-USN-4866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4866-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2019-9515" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aqt5-2ffy-9bgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12208?format=api", "vulnerability_id": "VCID-bbq3-tx7c-yucn", "summary": "This advisory has been marked as False Positive and removed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23307.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23307.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23307", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84292", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84288", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84287", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84265", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84268", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84273", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84256", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84249", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84227", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84208", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02155", "scoring_system": "epss", "scoring_elements": "0.84226", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02603", "scoring_system": "epss", "scoring_elements": "0.85674", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02603", "scoring_system": "epss", "scoring_elements": "0.85661", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02603", "scoring_system": "epss", "scoring_elements": "0.85672", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23307" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh" }, { "reference_url": "https://logging.apache.org/log4j/1.2/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://logging.apache.org/log4j/1.2/index.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482", "reference_id": "1004482", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004482" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967", "reference_id": "2041967", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041967" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307", "reference_id": "CVE-2022-23307", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23307" }, { "reference_url": "https://github.com/advisories/GHSA-f7vh-qwp3-x37m", "reference_id": "GHSA-f7vh-qwp3-x37m", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7vh-qwp3-x37m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0289", "reference_id": "RHSA-2022:0289", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0289" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0290", "reference_id": "RHSA-2022:0290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0291", "reference_id": "RHSA-2022:0291", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0291" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0294", "reference_id": "RHSA-2022:0294", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0294" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0430", "reference_id": "RHSA-2022:0430", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0430" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0435", "reference_id": "RHSA-2022:0435", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0435" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0436", "reference_id": "RHSA-2022:0436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0437", "reference_id": "RHSA-2022:0437", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0438", "reference_id": "RHSA-2022:0438", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0438" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0439", "reference_id": "RHSA-2022:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0442", "reference_id": "RHSA-2022:0442", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0442" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0444", "reference_id": "RHSA-2022:0444", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0445", "reference_id": "RHSA-2022:0445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0446", "reference_id": "RHSA-2022:0446", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0446" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0447", "reference_id": "RHSA-2022:0447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0448", "reference_id": "RHSA-2022:0448", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0449", "reference_id": "RHSA-2022:0449", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0450", "reference_id": "RHSA-2022:0450", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0467", "reference_id": "RHSA-2022:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0469", "reference_id": "RHSA-2022:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0469" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0475", "reference_id": "RHSA-2022:0475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0497", "reference_id": "RHSA-2022:0497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0507", "reference_id": "RHSA-2022:0507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0524", "reference_id": "RHSA-2022:0524", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0524" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0527", "reference_id": "RHSA-2022:0527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0553", "reference_id": "RHSA-2022:0553", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0553" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0661", "reference_id": "RHSA-2022:0661", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1296", "reference_id": "RHSA-2022:1296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1297", "reference_id": "RHSA-2022:1297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1299", "reference_id": "RHSA-2022:1299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5458", "reference_id": "RHSA-2022:5458", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5458" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5459", "reference_id": "RHSA-2022:5459", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5459" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5460", "reference_id": "RHSA-2022:5460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/5998-1/", "reference_id": "USN-5998-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5998-1/" }, { "reference_url": "https://usn.ubuntu.com/7590-1/", "reference_id": "USN-7590-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7590-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2022-23307", "GHSA-f7vh-qwp3-x37m" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbq3-tx7c-yucn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25?format=api", "vulnerability_id": "VCID-dmv4-ydq9-a7eq", "summary": "Excessive CPU usage in HTTP/2 with small window updates", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94283", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94345", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94322", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94324", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94339", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94344", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94347", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94292", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94302", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94304", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94313", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94318", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860", "reference_id": "1741860", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885", "reference_id": "934885", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037", "reference_id": "935037", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037" }, { "reference_url": "https://security.archlinux.org/ASA-201908-12", "reference_id": "ASA-201908-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-12" }, { "reference_url": "https://security.archlinux.org/ASA-201908-13", "reference_id": "ASA-201908-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-13" }, { "reference_url": "https://security.archlinux.org/ASA-201908-17", "reference_id": "ASA-201908-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-17" }, { "reference_url": "https://security.archlinux.org/AVG-1022", "reference_id": "AVG-1022", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1022" }, { "reference_url": "https://security.archlinux.org/AVG-1023", "reference_id": "AVG-1023", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1023" }, { "reference_url": "https://security.archlinux.org/AVG-1024", "reference_id": "AVG-1024", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1024" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511", "reference_id": "CVE-2019-9511", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2692", "reference_id": "RHSA-2019:2692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2745", "reference_id": "RHSA-2019:2745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2746", "reference_id": "RHSA-2019:2746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2775", "reference_id": "RHSA-2019:2775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2799", "reference_id": "RHSA-2019:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2946", "reference_id": "RHSA-2019:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2949", "reference_id": "RHSA-2019:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3041", "reference_id": "RHSA-2019:3041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0922", "reference_id": "RHSA-2020:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1445", "reference_id": "RHSA-2020:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2565", "reference_id": "RHSA-2020:2565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2565" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/4099-1/", "reference_id": "USN-4099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4099-1/" }, { "reference_url": "https://usn.ubuntu.com/6754-1/", "reference_id": "USN-6754-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6754-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2019-9511" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmv4-ydq9-a7eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54711?format=api", "vulnerability_id": "VCID-hbte-dsw2-y7ad", "summary": "golang.org/x/net/http vulnerable to ping floods\nSome HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.\n\n### Specific Go Packages Affected\ngolang.org/x/net/http2", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2594", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2661", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2682", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2690", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2726", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2766", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2769", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2769" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2796", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2861", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2925", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2939", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2955", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2955" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2966", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3131", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3131" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3245", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3265", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3906", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4018", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4019", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4020", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4021", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4040", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4041", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4042", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4045", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4269", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4269" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4273", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4352", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4352" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0406", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0406" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0727", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0727" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9512.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9512.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9512", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.51232", "scoring_system": "epss", "scoring_elements": "0.97891", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.51232", "scoring_system": "epss", "scoring_elements": "0.97858", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.51232", "scoring_system": "epss", "scoring_elements": "0.97864", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.51232", "scoring_system": "epss", "scoring_elements": "0.97866", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.51232", "scoring_system": "epss", "scoring_elements": "0.97869", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.51232", "scoring_system": "epss", "scoring_elements": "0.97873", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.51232", "scoring_system": "epss", "scoring_elements": "0.97876", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.51232", "scoring_system": "epss", "scoring_elements": "0.97879", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.51232", "scoring_system": "epss", "scoring_elements": "0.9788", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.51232", "scoring_system": "epss", "scoring_elements": "0.97881", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.51232", "scoring_system": "epss", "scoring_elements": "0.97888", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.51232", "scoring_system": "epss", "scoring_elements": "0.9789", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.51232", "scoring_system": "epss", "scoring_elements": "0.97886", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.51232", "scoring_system": "epss", "scoring_elements": "0.97887", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9512" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/16" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "reference_url": "https://go.dev/cl/190137", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/cl/190137" }, { "reference_url": "https://go.dev/issue/33606", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/issue/33606" }, { "reference_url": "https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ" }, { "reference_url": "https://kb.cert.org/vuls/id/605641", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kb.cert.org/vuls/id/605641" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296" }, { "reference_url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0536", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0536" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/24", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/24" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/31", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/31" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/43", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/43" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Sep/18" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190823-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190823-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190823-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190823-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190823-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190823-0005" }, { "reference_url": "https://support.f5.com/csp/article/K98053339", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.f5.com/csp/article/K98053339" }, { "reference_url": "https://support.f5.com/csp/article/K98053339?utm_source=f5support&utm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.f5.com/csp/article/K98053339?utm_source=f5support&utm_medium=RSS" }, { "reference_url": "https://usn.ubuntu.com/4308-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4308-1" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4503", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4503" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4508", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4508" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4520", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4520" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_33", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_33" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/08/20/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645", "reference_id": "1735645", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735645" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886", "reference_id": "934886", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887", "reference_id": "934887", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887" }, { "reference_url": "https://security.archlinux.org/ASA-201908-15", "reference_id": "ASA-201908-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-15" }, { "reference_url": "https://security.archlinux.org/AVG-1021", "reference_id": "AVG-1021", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2817", "reference_id": "RHSA-2019:2817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0922", "reference_id": "RHSA-2020:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0983", "reference_id": "RHSA-2020:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1445", "reference_id": "RHSA-2020:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2565", "reference_id": "RHSA-2020:2565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2565" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3196", "reference_id": "RHSA-2020:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3197", "reference_id": "RHSA-2020:3197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/USN-4866-1/", "reference_id": "USN-USN-4866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4866-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2019-9512", "GHSA-hgr8-6h9x-f7q9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hbte-dsw2-y7ad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55688?format=api", "vulnerability_id": "VCID-n66u-b73u-zucb", "summary": "golang.org/x/net/http vulnerable to a reset flood\nSome HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. Servers that accept direct connections from untrusted clients could be remotely made to allocate an unlimited amount of memory, until the program crashes. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.\n\n### Specific Go Packages Affected\ngolang.org/x/net/http2", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00076.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00011.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00021.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00038.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2594", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2661", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2661" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2682", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2682" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2690", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2726", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2766", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2766" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2769", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2769" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2796", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2861", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2925", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2939", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2939" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2955", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2955" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2966", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:2966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3131", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3131" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3245", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3265", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3265" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3892", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3892" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3906", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:3906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4018", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4019", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4019" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4020", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4021", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4040", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4041", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4042", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4045", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4045" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4269", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4269" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4273", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4273" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4352", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4352" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0406", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0406" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0727", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0727" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9514.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9514.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92845", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92799", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92806", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.9281", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92809", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92818", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92822", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92826", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92825", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92836", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92837", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92841", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.92848", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.09483", "scoring_system": "epss", "scoring_elements": "0.9285", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9512" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9515" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9518" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Aug/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Aug/16" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md" }, { "reference_url": "https://go.dev/cl/190137", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/cl/190137" }, { "reference_url": "https://go.dev/issue/33606", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.dev/issue/33606" }, { "reference_url": "https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://go.googlesource.com/go/+/145e193131eb486077b66009beb051aba07c52a5" }, { "reference_url": "https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/golang-announce/c/65QixT3tcmg/m/DrFiG6vvCwAJ" }, { "reference_url": "https://kb.cert.org/vuls/id/605641", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kb.cert.org/vuls/id/605641" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10296" }, { "reference_url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/392108390cef48af647a2e47b7fd5380e050e35ae8d1aa2030254c04@%3Cusers.trafficserver.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ad3d01e767199c1aed8033bb6b3f5bf98c011c7c536f07a5d34b3c19@%3Cannounce.trafficserver.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/bde52309316ae798186d783a5e29f4ad1527f61c9219a289d0eee0a7@%3Cdev.trafficserver.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00011.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BBP27PZGSY6OP6D26E5FW4GZKBFHNU7" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYO6E3H34C346D2E443GLXK7OK6KIYIQ" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2022-0536", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2022-0536" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/24", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/24" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/31", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/31" }, { "reference_url": "https://seclists.org/bugtraq/2019/Aug/43", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Aug/43" }, { "reference_url": "https://seclists.org/bugtraq/2019/Sep/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://seclists.org/bugtraq/2019/Sep/18" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190823-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190823-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190823-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190823-0004" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190823-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20190823-0005" }, { "reference_url": "https://support.f5.com/csp/article/K01988340", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.f5.com/csp/article/K01988340" }, { "reference_url": "https://support.f5.com/csp/article/K01988340?utm_source=f5support&utm_medium=RSS", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.f5.com/csp/article/K01988340?utm_source=f5support&utm_medium=RSS" }, { "reference_url": "https://usn.ubuntu.com/4308-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4308-1" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4503", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4503" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4508", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4508" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4520", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2019/dsa-4520" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4669", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4669" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_33", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_33" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/18/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062667", "reference_id": "1062667", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062667" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744", "reference_id": "1735744", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735744" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885", "reference_id": "934885", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886", "reference_id": "934886", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887", "reference_id": "934887", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934887" }, { "reference_url": "https://security.archlinux.org/ASA-201908-15", "reference_id": "ASA-201908-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-15" }, { "reference_url": "https://security.archlinux.org/AVG-1021", "reference_id": "AVG-1021", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1021" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2817", "reference_id": "RHSA-2019:2817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0922", "reference_id": "RHSA-2020:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0983", "reference_id": "RHSA-2020:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1445", "reference_id": "RHSA-2020:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2565", "reference_id": "RHSA-2020:2565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2565" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3196", "reference_id": "RHSA-2020:3196", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3196" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3197", "reference_id": "RHSA-2020:3197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3197" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/USN-4866-1/", "reference_id": "USN-USN-4866-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4866-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2019-9514", "GHSA-39qc-96h7-956f" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n66u-b73u-zucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80983?format=api", "vulnerability_id": "VCID-nrk8-v4zp-6ubx", "summary": "EAP: field-name is not parsed in accordance to RFC7230", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1710.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1710.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1710", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47407", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47442", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47462", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47411", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47466", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47463", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47485", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.4746", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47467", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47527", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47519", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47471", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47459", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00242", "scoring_system": "epss", "scoring_elements": "0.47415", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1710" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970", "reference_id": "1793970", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3779", "reference_id": "RHSA-2020:3779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" } ], "fixed_packages": [], "aliases": [ "CVE-2020-1710" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrk8-v4zp-6ubx" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-log4j-jboss-logmanager@1.2.2-1.Final_redhat_00002.1.ep7%3Farch=el7" }