{"url":"http://public2.vulnerablecode.io/api/packages/105627?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs?arch=el7","type":"rpm","namespace":"redhat","name":"jbcs-httpd24-nghttp2","version":"1.39.2-4.jbcs","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3790?format=json","vulnerability_id":"VCID-4sss-a8ne-kqbc","summary":"When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the \"H2Upgrade on\" is unaffected by this.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0197","reference_id":"","reference_type":"","scores":[{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84326","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84397","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84408","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84401","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.8434","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84361","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84363","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84385","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.8439","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695042","reference_id":"1695042","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695042"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0197.json","reference_id":"CVE-2019-0197","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0197.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4113-1/","reference_id":"USN-4113-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4113-1/"}],"fixed_packages":[],"aliases":["CVE-2019-0197"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4sss-a8ne-kqbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3789?format=json","vulnerability_id":"VCID-6vxq-uxxw-ybeh","summary":"Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0196","reference_id":"","reference_type":"","scores":[{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92804","published_at":"2026-04-01T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.9283","published_at":"2026-04-12T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92823","published_at":"2026-04-08T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92827","published_at":"2026-04-09T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92831","published_at":"2026-04-13T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92811","published_at":"2026-04-02T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92816","published_at":"2026-04-04T12:55:00Z"},{"value":"0.09496","scoring_system":"epss","scoring_elements":"0.92814","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695030","reference_id":"1695030","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695030"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0196.json","reference_id":"CVE-2019-0196","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0196.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-1/"}],"fixed_packages":[],"aliases":["CVE-2019-0196"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vxq-uxxw-ybeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3786?format=json","vulnerability_id":"VCID-7u2r-egf2-vfhx","summary":"By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17189","reference_id":"","reference_type":"","scores":[{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90289","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90332","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.9031","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90324","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90331","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90339","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90338","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90292","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05616","scoring_system":"epss","scoring_elements":"0.90305","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/5","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/5"},{"reference_url":"https://security.gentoo.org/glsa/201903-21","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-21"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190125-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190125-0001/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"},{"reference_url":"https://www.debian.org/security/2019/dsa-4422","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4422"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.tenable.com/security/tns-2019-09","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2019-09"},{"reference_url":"http://www.securityfocus.com/bid/106685","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106685"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668497","reference_id":"1668497","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668497"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302","reference_id":"920302","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302"},{"reference_url":"https://security.archlinux.org/ASA-201901-14","reference_id":"ASA-201901-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-14"},{"reference_url":"https://security.archlinux.org/AVG-857","reference_id":"AVG-857","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-857"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-17189.json","reference_id":"CVE-2018-17189","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-17189.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17189","reference_id":"CVE-2018-17189","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17189"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4126","reference_id":"RHSA-2019:4126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-1/"}],"fixed_packages":[],"aliases":["CVE-2018-17189"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7u2r-egf2-vfhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73027?format=json","vulnerability_id":"VCID-7ygr-6dqp-m3hh","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0734.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0734.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0734","reference_id":"","reference_type":"","scores":[{"value":"0.06051","scoring_system":"epss","scoring_elements":"0.90692","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06051","scoring_system":"epss","scoring_elements":"0.90742","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06051","scoring_system":"epss","scoring_elements":"0.9073","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06051","scoring_system":"epss","scoring_elements":"0.90736","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06051","scoring_system":"epss","scoring_elements":"0.90745","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06051","scoring_system":"epss","scoring_elements":"0.90698","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06051","scoring_system":"epss","scoring_elements":"0.90709","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06051","scoring_system":"epss","scoring_elements":"0.90719","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644364","reference_id":"1644364","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644364"},{"reference_url":"https://security.archlinux.org/ASA-201812-5","reference_id":"ASA-201812-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201812-5"},{"reference_url":"https://security.archlinux.org/ASA-201812-6","reference_id":"ASA-201812-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201812-6"},{"reference_url":"https://security.archlinux.org/AVG-792","reference_id":"AVG-792","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-792"},{"reference_url":"https://security.archlinux.org/AVG-793","reference_id":"AVG-793","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-793"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2304","reference_id":"RHSA-2019:2304","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2304"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3700","reference_id":"RHSA-2019:3700","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3700"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://usn.ubuntu.com/3840-1/","reference_id":"USN-3840-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3840-1/"}],"fixed_packages":[],"aliases":["CVE-2018-0734"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ygr-6dqp-m3hh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45?format=json","vulnerability_id":"VCID-9hzg-r1fj-pubf","summary":"Excessive CPU usage in HTTP/2 with priority changes","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9513","reference_id":"","reference_type":"","scores":[{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91201","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.9125","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91221","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91235","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91241","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91248","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91251","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91206","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91215","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735741","reference_id":"1735741","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735741"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885","reference_id":"934885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/ASA-201908-17","reference_id":"ASA-201908-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-17"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://security.archlinux.org/AVG-1024","reference_id":"AVG-1024","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9513","reference_id":"CVE-2019-9513","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2692","reference_id":"RHSA-2019:2692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2949","reference_id":"RHSA-2019:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3041","reference_id":"RHSA-2019:3041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"},{"reference_url":"https://usn.ubuntu.com/6754-1/","reference_id":"USN-6754-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6754-1/"}],"fixed_packages":[],"aliases":["CVE-2019-9513"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hzg-r1fj-pubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3787?format=json","vulnerability_id":"VCID-ct26-19cq-8kd7","summary":"In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17199","reference_id":"","reference_type":"","scores":[{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93208","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93236","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.9322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93228","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93233","published_at":"2026-04-09T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93237","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93234","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93217","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10459","scoring_system":"epss","scoring_elements":"0.93222","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/5","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/5"},{"reference_url":"https://security.gentoo.org/glsa/201903-21","reference_id":"","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-21"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190125-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190125-0001/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"},{"reference_url":"https://www.debian.org/security/2019/dsa-4422","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4422"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.tenable.com/security/tns-2019-09","reference_id":"","reference_type":"","scores":[],"url":"https://www.tenable.com/security/tns-2019-09"},{"reference_url":"http://www.securityfocus.com/bid/106742","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106742"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668493","reference_id":"1668493","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668493"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303","reference_id":"920303","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303"},{"reference_url":"https://security.archlinux.org/ASA-201901-14","reference_id":"ASA-201901-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-14"},{"reference_url":"https://security.archlinux.org/AVG-857","reference_id":"AVG-857","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-857"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2018-17199.json","reference_id":"CVE-2018-17199","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2018-17199.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17199","reference_id":"CVE-2018-17199","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17199"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4126","reference_id":"RHSA-2019:4126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1121","reference_id":"RHSA-2020:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1809","reference_id":"RHSA-2021:1809","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1809"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-1/"}],"fixed_packages":[],"aliases":["CVE-2018-17199"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ct26-19cq-8kd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25?format=json","vulnerability_id":"VCID-dmv4-ydq9-a7eq","summary":"Excessive CPU usage in HTTP/2 with small window updates","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9511","reference_id":"","reference_type":"","scores":[{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94283","published_at":"2026-04-01T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94324","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94302","published_at":"2026-04-04T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94304","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94313","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94322","published_at":"2026-04-12T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94292","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741860","reference_id":"1741860","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741860"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885","reference_id":"934885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/ASA-201908-17","reference_id":"ASA-201908-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-17"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://security.archlinux.org/AVG-1024","reference_id":"AVG-1024","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9511","reference_id":"CVE-2019-9511","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2692","reference_id":"RHSA-2019:2692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2949","reference_id":"RHSA-2019:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3041","reference_id":"RHSA-2019:3041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2565","reference_id":"RHSA-2020:2565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2565"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"},{"reference_url":"https://usn.ubuntu.com/6754-1/","reference_id":"USN-6754-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6754-1/"}],"fixed_packages":[],"aliases":["CVE-2019-9511"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmv4-ydq9-a7eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49829?format=json","vulnerability_id":"VCID-h7td-61b7-q7aw","summary":"Multiple vulnerabilities have been found in OpenSSL, the worst of\n    which may lead to a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0737.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0737","reference_id":"","reference_type":"","scores":[{"value":"0.38121","scoring_system":"epss","scoring_elements":"0.97191","published_at":"2026-04-01T12:55:00Z"},{"value":"0.38121","scoring_system":"epss","scoring_elements":"0.97219","published_at":"2026-04-13T12:55:00Z"},{"value":"0.38121","scoring_system":"epss","scoring_elements":"0.97213","published_at":"2026-04-08T12:55:00Z"},{"value":"0.38121","scoring_system":"epss","scoring_elements":"0.97215","published_at":"2026-04-09T12:55:00Z"},{"value":"0.38121","scoring_system":"epss","scoring_elements":"0.97218","published_at":"2026-04-11T12:55:00Z"},{"value":"0.38121","scoring_system":"epss","scoring_elements":"0.97197","published_at":"2026-04-02T12:55:00Z"},{"value":"0.38121","scoring_system":"epss","scoring_elements":"0.97202","published_at":"2026-04-04T12:55:00Z"},{"value":"0.38121","scoring_system":"epss","scoring_elements":"0.97204","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-0737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1568253","reference_id":"1568253","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1568253"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895844","reference_id":"895844","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895844"},{"reference_url":"https://security.archlinux.org/AVG-674","reference_id":"AVG-674","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-674"},{"reference_url":"https://security.archlinux.org/AVG-675","reference_id":"AVG-675","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-675"},{"reference_url":"https://security.gentoo.org/glsa/201811-21","reference_id":"GLSA-201811-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3221","reference_id":"RHSA-2018:3221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://usn.ubuntu.com/3628-1/","reference_id":"USN-3628-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3628-1/"},{"reference_url":"https://usn.ubuntu.com/3628-2/","reference_id":"USN-3628-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3628-2/"},{"reference_url":"https://usn.ubuntu.com/3692-1/","reference_id":"USN-3692-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3692-1/"},{"reference_url":"https://usn.ubuntu.com/3692-2/","reference_id":"USN-3692-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3692-2/"}],"fixed_packages":[],"aliases":["CVE-2018-0737"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h7td-61b7-q7aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48?format=json","vulnerability_id":"VCID-kcsp-h1s5-wbea","summary":"Excessive memory usage in HTTP/2 with zero length headers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9516","reference_id":"","reference_type":"","scores":[{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.8426","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84314","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84319","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84337","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.8433","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84272","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84291","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84292","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741864","reference_id":"1741864","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741864"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9516","reference_id":"CVE-2019-9516","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2950","reference_id":"RHSA-2019:2950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"}],"fixed_packages":[],"aliases":["CVE-2019-9516"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcsp-h1s5-wbea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3794?format=json","vulnerability_id":"VCID-w6p6-u8ku-k3f6","summary":"In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0217","reference_id":"","reference_type":"","scores":[{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97464","published_at":"2026-04-01T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97488","published_at":"2026-04-13T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97475","published_at":"2026-04-07T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97481","published_at":"2026-04-08T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97482","published_at":"2026-04-09T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97485","published_at":"2026-04-11T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97487","published_at":"2026-04-12T12:55:00Z"},{"value":"0.43022","scoring_system":"epss","scoring_elements":"0.97471","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://httpd.apache.org/security/vulnerabilities_24.html","reference_id":"","reference_type":"","scores":[],"url":"https://httpd.apache.org/security/vulnerabilities_24.html"},{"reference_url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/"},{"reference_url":"https://seclists.org/bugtraq/2019/Apr/5","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Apr/5"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190423-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190423-0001/"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us"},{"reference_url":"https://www.debian.org/security/2019/dsa-4422","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4422"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/02/5","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/04/02/5"},{"reference_url":"http://www.securityfocus.com/bid/107668","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/107668"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695020","reference_id":"1695020","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695020"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0217.json","reference_id":"CVE-2019-0217","reference_type":"","scores":[{"value":"important","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0217.json"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0217","reference_id":"CVE-2019-0217","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0217"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2343","reference_id":"RHSA-2019:2343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3436","reference_id":"RHSA-2019:3436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4126","reference_id":"RHSA-2019:4126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4126"},{"reference_url":"https://usn.ubuntu.com/3937-1/","reference_id":"USN-3937-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-1/"},{"reference_url":"https://usn.ubuntu.com/3937-2/","reference_id":"USN-3937-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3937-2/"}],"fixed_packages":[],"aliases":["CVE-2019-0217"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6p6-u8ku-k3f6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3796?format=json","vulnerability_id":"VCID-y3k1-c4rn-xbc2","summary":"A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9517.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9517.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9517","reference_id":"","reference_type":"","scores":[{"value":"0.04564","scoring_system":"epss","scoring_elements":"0.89159","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04564","scoring_system":"epss","scoring_elements":"0.89153","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05964","scoring_system":"epss","scoring_elements":"0.90652","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05964","scoring_system":"epss","scoring_elements":"0.90648","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05964","scoring_system":"epss","scoring_elements":"0.90657","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05964","scoring_system":"epss","scoring_elements":"0.90624","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05964","scoring_system":"epss","scoring_elements":"0.90631","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05964","scoring_system":"epss","scoring_elements":"0.90643","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9517"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10081"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10082"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10098"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9517"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741868","reference_id":"1741868","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741868"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-9517.json","reference_id":"CVE-2019-9517","reference_type":"","scores":[{"value":"moderate","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-9517.json"},{"reference_url":"https://security.gentoo.org/glsa/201909-04","reference_id":"GLSA-201909-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201909-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2893","reference_id":"RHSA-2019:2893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2893"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2949","reference_id":"RHSA-2019:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2950","reference_id":"RHSA-2019:2950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://usn.ubuntu.com/4113-1/","reference_id":"USN-4113-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4113-1/"}],"fixed_packages":[],"aliases":["CVE-2019-9517"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3k1-c4rn-xbc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34887?format=json","vulnerability_id":"VCID-z3fb-nqcp-g3fq","summary":"Multiple Information Disclosure vulnerabilities in OpenSSL allow\n    attackers to obtain sensitive information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5407.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5407.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5407","reference_id":"","reference_type":"","scores":[{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.70564","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.70578","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.70595","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.70573","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.70656","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.70642","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.70618","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00643","scoring_system":"epss","scoring_elements":"0.70634","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00844","scoring_system":"epss","scoring_elements":"0.74773","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1645695","reference_id":"1645695","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1645695"},{"reference_url":"https://github.com/bbbrumley/portsmash/tree/e3e7447ba04e1a8a5637cabadf3403faf94f7a56","reference_id":"CVE-2018-5407","reference_type":"exploit","scores":[],"url":"https://github.com/bbbrumley/portsmash/tree/e3e7447ba04e1a8a5637cabadf3403faf94f7a56"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/hardware/local/45785.md","reference_id":"CVE-2018-5407","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/hardware/local/45785.md"},{"reference_url":"https://security.gentoo.org/glsa/201903-10","reference_id":"GLSA-201903-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-10"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0483","reference_id":"RHSA-2019:0483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2125","reference_id":"RHSA-2019:2125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://usn.ubuntu.com/3840-1/","reference_id":"USN-3840-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3840-1/"}],"fixed_packages":[],"aliases":["CVE-2018-5407"],"risk_score":8.6,"exploitability":"2.0","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z3fb-nqcp-g3fq"}],"fixing_vulnerabilities":[],"risk_score":"8.6","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-4.jbcs%3Farch=el7"}