{"url":"http://public2.vulnerablecode.io/api/packages/140685?format=json","purl":"pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-25.jbcs?arch=el6","type":"rpm","namespace":"redhat","name":"jbcs-httpd24-nghttp2","version":"1.39.2-25.jbcs","qualifiers":{"arch":"el6"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51082?format=json","vulnerability_id":"VCID-68uu-wm68-zkfb","summary":"in Apache HTTP Server versions 2.4.0 to 2.4.41, mod_proxy_ftp use of uninitialized value with malicious FTP backend.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1934","reference_id":"","reference_type":"","scores":[{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96489","published_at":"2026-06-04T12:55:00Z"},{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96497","published_at":"2026-06-06T12:55:00Z"},{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96498","published_at":"2026-06-07T12:55:00Z"},{"value":"0.27241","scoring_system":"epss","scoring_elements":"0.96492","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-1934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1820772","reference_id":"1820772","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1820772"},{"reference_url":"https://security.archlinux.org/ASA-202004-14","reference_id":"ASA-202004-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202004-14"},{"reference_url":"https://security.archlinux.org/AVG-1126","reference_id":"AVG-1126","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1126"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2020-1934.json","reference_id":"CVE-2020-1934","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2020-1934.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3958","reference_id":"RHSA-2020:3958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3958"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4458-1/","reference_id":"USN-4458-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4458-1/"}],"fixed_packages":[],"aliases":["CVE-2020-1934"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-68uu-wm68-zkfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52166?format=json","vulnerability_id":"VCID-81dv-y5sg-9kgq","summary":"Missing Release of Memory after Effective Lifetime\nxmlSchemaPreRun in xmlschemas.c in libxml2 allows an xmlSchemaValidateStream memory leak.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20388.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20388.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20388","reference_id":"","reference_type":"","scores":[{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.70298","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.70307","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.70289","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00614","scoring_system":"epss","scoring_elements":"0.70256","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20388"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20388","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20388"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1799734","reference_id":"1799734","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1799734"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/","reference_id":"545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/","reference_id":"5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68","reference_id":"68","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949583","reference_id":"949583","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949583"},{"reference_url":"https://security.archlinux.org/ASA-202011-15","reference_id":"ASA-202011-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-15"},{"reference_url":"https://security.archlinux.org/AVG-1263","reference_id":"AVG-1263","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1263"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-20388","reference_id":"CVE-2019-20388","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-20388"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/","reference_id":"JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:50:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3996","reference_id":"RHSA-2020:3996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3996"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4479","reference_id":"RHSA-2020:4479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4991-1/","reference_id":"USN-4991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4991-1/"}],"fixed_packages":[],"aliases":["CVE-2019-20388"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81dv-y5sg-9kgq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52122?format=json","vulnerability_id":"VCID-9usm-m2ey-7qad","summary":"Missing Release of Memory after Effective Lifetime\nxmlParseBalancedChunkMemoryRecover in parser.c in libxml2 has a memory leak related to newDoc->oldNs.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19956","reference_id":"","reference_type":"","scores":[{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43462","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43448","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43389","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0021","scoring_system":"epss","scoring_elements":"0.43472","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19956"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788856","reference_id":"1788856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1788856"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549","reference_id":"5a02583c7e683896d84878bd90641d8d9b0d0549","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/","reference_id":"5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19956","reference_id":"CVE-2019-19956","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19956"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/","reference_id":"JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html","reference_id":"msg00005.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html","reference_id":"msg00032.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200114-0002/","reference_id":"ntap-20200114-0002","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:29:09Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200114-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3996","reference_id":"RHSA-2020:3996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3996"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4479","reference_id":"RHSA-2020:4479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"}],"fixed_packages":[],"aliases":["CVE-2019-19956"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9usm-m2ey-7qad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1586?format=json","vulnerability_id":"VCID-cvna-73ya-gbg5","summary":"In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early. A subsequent call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15903.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15903.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15903","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42388","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42328","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42404","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42415","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-15903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://seclists.org/bugtraq/2019/Nov/1","reference_id":"1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://seclists.org/bugtraq/2019/Nov/1"},{"reference_url":"https://seclists.org/bugtraq/2019/Dec/17","reference_id":"17","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://seclists.org/bugtraq/2019/Dec/17"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752592","reference_id":"1752592","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752592"},{"reference_url":"https://seclists.org/bugtraq/2019/Dec/21","reference_id":"21","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://seclists.org/bugtraq/2019/Dec/21"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Dec/23","reference_id":"23","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://seclists.org/fulldisclosure/2019/Dec/23"},{"reference_url":"https://seclists.org/bugtraq/2019/Dec/23","reference_id":"23","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://seclists.org/bugtraq/2019/Dec/23"},{"reference_url":"https://seclists.org/bugtraq/2019/Nov/24","reference_id":"24","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://seclists.org/bugtraq/2019/Nov/24"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Dec/26","reference_id":"26","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://seclists.org/fulldisclosure/2019/Dec/26"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Dec/27","reference_id":"27","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://seclists.org/fulldisclosure/2019/Dec/27"},{"reference_url":"https://seclists.org/bugtraq/2019/Oct/29","reference_id":"29","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://seclists.org/bugtraq/2019/Oct/29"},{"reference_url":"http://seclists.org/fulldisclosure/2019/Dec/30","reference_id":"30","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://seclists.org/fulldisclosure/2019/Dec/30"},{"reference_url":"https://seclists.org/bugtraq/2019/Sep/30","reference_id":"30","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://seclists.org/bugtraq/2019/Sep/30"},{"reference_url":"https://github.com/libexpat/libexpat/issues/317","reference_id":"317","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://github.com/libexpat/libexpat/issues/317"},{"reference_url":"https://github.com/libexpat/libexpat/pull/318","reference_id":"318","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://github.com/libexpat/libexpat/pull/318"},{"reference_url":"https://github.com/libexpat/libexpat/issues/342","reference_id":"342","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://github.com/libexpat/libexpat/issues/342"},{"reference_url":"https://seclists.org/bugtraq/2019/Sep/37","reference_id":"37","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://seclists.org/bugtraq/2019/Sep/37"},{"reference_url":"https://usn.ubuntu.com/4132-1/","reference_id":"4132-1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://usn.ubuntu.com/4132-1/"},{"reference_url":"https://usn.ubuntu.com/4132-2/","reference_id":"4132-2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://usn.ubuntu.com/4132-2/"},{"reference_url":"https://usn.ubuntu.com/4165-1/","reference_id":"4165-1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://usn.ubuntu.com/4165-1/"},{"reference_url":"https://usn.ubuntu.com/4202-1/","reference_id":"4202-1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://usn.ubuntu.com/4202-1/"},{"reference_url":"https://usn.ubuntu.com/4335-1/","reference_id":"4335-1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://usn.ubuntu.com/4335-1/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939394","reference_id":"939394","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939394"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/","reference_id":"A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/"},{"reference_url":"https://security.archlinux.org/ASA-201910-15","reference_id":"ASA-201910-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-15"},{"reference_url":"https://security.archlinux.org/ASA-201910-16","reference_id":"ASA-201910-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-16"},{"reference_url":"https://security.archlinux.org/ASA-201910-17","reference_id":"ASA-201910-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201910-17"},{"reference_url":"https://security.archlinux.org/AVG-1053","reference_id":"AVG-1053","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1053"},{"reference_url":"https://security.archlinux.org/AVG-1054","reference_id":"AVG-1054","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1054"},{"reference_url":"https://security.archlinux.org/AVG-1055","reference_id":"AVG-1055","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1055"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/","reference_id":"BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/"},{"reference_url":"https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43","reference_id":"c20b758c332d9a13afbbb276d30db1d183a85d43","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43"},{"reference_url":"https://www.debian.org/security/2019/dsa-4530","reference_id":"dsa-4530","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://www.debian.org/security/2019/dsa-4530"},{"reference_url":"https://www.debian.org/security/2019/dsa-4549","reference_id":"dsa-4549","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://www.debian.org/security/2019/dsa-4549"},{"reference_url":"https://www.debian.org/security/2019/dsa-4571","reference_id":"dsa-4571","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://www.debian.org/security/2019/dsa-4571"},{"reference_url":"https://security.gentoo.org/glsa/201911-08","reference_id":"GLSA-201911-08","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://security.gentoo.org/glsa/201911-08"},{"reference_url":"https://support.apple.com/kb/HT210785","reference_id":"HT210785","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://support.apple.com/kb/HT210785"},{"reference_url":"https://support.apple.com/kb/HT210788","reference_id":"HT210788","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://support.apple.com/kb/HT210788"},{"reference_url":"https://support.apple.com/kb/HT210789","reference_id":"HT210789","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://support.apple.com/kb/HT210789"},{"reference_url":"https://support.apple.com/kb/HT210790","reference_id":"HT210790","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://support.apple.com/kb/HT210790"},{"reference_url":"https://support.apple.com/kb/HT210793","reference_id":"HT210793","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://support.apple.com/kb/HT210793"},{"reference_url":"https://support.apple.com/kb/HT210794","reference_id":"HT210794","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://support.apple.com/kb/HT210794"},{"reference_url":"https://support.apple.com/kb/HT210795","reference_id":"HT210795","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://support.apple.com/kb/HT210795"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-33","reference_id":"mfsa2019-33","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-33"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34","reference_id":"mfsa2019-34","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-34"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-35","reference_id":"mfsa2019-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-35"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html","reference_id":"msg00000.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html","reference_id":"msg00002.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html","reference_id":"msg00003.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html","reference_id":"msg00006.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html","reference_id":"msg00008.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html","reference_id":"msg00013.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html","reference_id":"msg00016.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html","reference_id":"msg00017.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html","reference_id":"msg00018.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html","reference_id":"msg00019.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html","reference_id":"msg00040.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html","reference_id":"msg00080.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html","reference_id":"msg00081.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190926-0004/","reference_id":"ntap-20190926-0004","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190926-0004/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3193","reference_id":"RHSA-2019:3193","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3196","reference_id":"RHSA-2019:3196","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3196"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3210","reference_id":"RHSA-2019:3210","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:3210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3237","reference_id":"RHSA-2019:3237","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:3237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3756","reference_id":"RHSA-2019:3756","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2019:3756"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3952","reference_id":"RHSA-2020:3952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4484","reference_id":"RHSA-2020:4484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22871","reference_id":"RHSA-2025:22871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22871"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/","reference_id":"S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/"},{"reference_url":"http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html","reference_id":"Slackware-Security-Advisory-expat-Updates.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html"},{"reference_url":"http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html","reference_id":"Slackware-Security-Advisory-mozilla-firefox-Updates.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html"},{"reference_url":"http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html","reference_id":"Slackware-Security-Advisory-python-Updates.html","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html"},{"reference_url":"https://www.tenable.com/security/tns-2021-11","reference_id":"tns-2021-11","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:27:14Z/"}],"url":"https://www.tenable.com/security/tns-2021-11"},{"reference_url":"https://usn.ubuntu.com/7199-1/","reference_id":"USN-7199-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7199-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4852-1/","reference_id":"USN-USN-4852-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4852-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5455-1/","reference_id":"USN-USN-5455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5455-1/"}],"fixed_packages":[],"aliases":["CVE-2019-15903"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cvna-73ya-gbg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94946?format=json","vulnerability_id":"VCID-dczz-4wtw-83b9","summary":"In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11080.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11080.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11080","reference_id":"","reference_type":"","scores":[{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.79666","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.79638","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.79665","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01247","scoring_system":"epss","scoring_elements":"0.7967","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8174"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1844929","reference_id":"1844929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1844929"},{"reference_url":"https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090","reference_id":"336a98feb0d56b9ac54e12736b18785c27f75090","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/"}],"url":"https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/","reference_id":"4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145","reference_id":"962145","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962145"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/","reference_id":"AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4696","reference_id":"dsa-4696","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/"}],"url":"https://www.debian.org/security/2020/dsa-4696"},{"reference_url":"https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394","reference_id":"f8da73bd042f810f34d19f9eae02b46d870af394","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/"}],"url":"https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394"},{"reference_url":"https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr","reference_id":"GHSA-q5wr-xfw9-q7xr","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/"}],"url":"https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html","reference_id":"msg00011.html","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:44:48Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2523","reference_id":"RHSA-2020:2523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2524","reference_id":"RHSA-2020:2524","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2524"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2755","reference_id":"RHSA-2020:2755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2784","reference_id":"RHSA-2020:2784","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2784"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2823","reference_id":"RHSA-2020:2823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2847","reference_id":"RHSA-2020:2847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2848","reference_id":"RHSA-2020:2848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2849","reference_id":"RHSA-2020:2849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2850","reference_id":"RHSA-2020:2850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2852","reference_id":"RHSA-2020:2852","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2852"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2895","reference_id":"RHSA-2020:2895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3042","reference_id":"RHSA-2020:3042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3084","reference_id":"RHSA-2020:3084","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3084"},{"reference_url":"https://usn.ubuntu.com/6142-1/","reference_id":"USN-6142-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6142-1/"}],"fixed_packages":[],"aliases":["CVE-2020-11080"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dczz-4wtw-83b9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4137?format=json","vulnerability_id":"VCID-faqh-hsss-93bc","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0197","reference_id":"","reference_type":"","scores":[{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84705","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84733","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84727","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02193","scoring_system":"epss","scoring_elements":"0.84729","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695042","reference_id":"1695042","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695042"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0197.json","reference_id":"CVE-2019-0197","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0197.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"},{"reference_url":"https://usn.ubuntu.com/4113-1/","reference_id":"USN-4113-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4113-1/"}],"fixed_packages":[],"aliases":["CVE-2019-0197"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-faqh-hsss-93bc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51498?format=json","vulnerability_id":"VCID-jxz3-ug52-cuhn","summary":"libxml2 2.9.10 has an infinite loop in a certain end-of-file situation\nNokogiri has backported the patch for CVE-2020-7595 into its vendored version\nof libxml2, and released this as v1.10.8\n\nCVE-2020-7595 has not yet been addressed in an upstream libxml2 release, and\nso Nokogiri versions <= v1.10.7 are vulnerable.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7595.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7595","reference_id":"","reference_type":"","scores":[{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65284","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65296","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65285","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00476","scoring_system":"epss","scoring_elements":"0.65244","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-7595"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7595"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2020-7595.yml"},{"reference_url":"https://github.com/sparklemotion/nokogiri","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri"},{"reference_url":"https://github.com/sparklemotion/nokogiri/issues/1992","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sparklemotion/nokogiri/issues/1992"},{"reference_url":"https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"},{"reference_url":"https://security.gentoo.org/glsa/202010-04","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://security.gentoo.org/glsa/202010-04"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200702-0005","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200702-0005"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200702-0005/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://security.netapp.com/advisory/ntap-20200702-0005/"},{"reference_url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08"},{"reference_url":"https://usn.ubuntu.com/4274-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4274-1"},{"reference_url":"https://usn.ubuntu.com/4274-1/","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://usn.ubuntu.com/4274-1/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1799786","reference_id":"1799786","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1799786"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/","reference_id":"545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/","reference_id":"5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582","reference_id":"949582","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=949582"},{"reference_url":"https://security.archlinux.org/ASA-202011-15","reference_id":"ASA-202011-15","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-15"},{"reference_url":"https://security.archlinux.org/AVG-1263","reference_id":"AVG-1263","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1263"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7595","reference_id":"CVE-2020-7595","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-7595"},{"reference_url":"https://github.com/advisories/GHSA-7553-jr98-vx47","reference_id":"GHSA-7553-jr98-vx47","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7553-jr98-vx47"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/","reference_id":"JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-12-03T15:33:37Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3996","reference_id":"RHSA-2020:3996","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3996"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4479","reference_id":"RHSA-2020:4479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"}],"fixed_packages":[],"aliases":["CVE-2020-7595","GHSA-7553-jr98-vx47"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jxz3-ug52-cuhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41117?format=json","vulnerability_id":"VCID-qh6t-bcd8-9qf7","summary":"Improper Restriction of XML External Entity Reference\n`libexpat` in Expat, XML input including XML names that contain many colons could make the XML parser consume a high amount of RAM and CPU resources while processing, leading to a possible denial-of-service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20843.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20843.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20843","reference_id":"","reference_type":"","scores":[{"value":"0.05584","scoring_system":"epss","scoring_elements":"0.90476","published_at":"2026-06-06T12:55:00Z"},{"value":"0.05584","scoring_system":"epss","scoring_elements":"0.90461","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05584","scoring_system":"epss","scoring_elements":"0.90473","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20843"},{"reference_url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/libexpat/libexpat/issues/186","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://github.com/libexpat/libexpat/issues/186"},{"reference_url":"https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6","reference_id":"11f8838bf99ea0a6f0b76f9760c43704d00c4ff6","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1723723","reference_id":"1723723","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1723723"},{"reference_url":"https://github.com/libexpat/libexpat/pull/262","reference_id":"262","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://github.com/libexpat/libexpat/pull/262"},{"reference_url":"https://seclists.org/bugtraq/2019/Jun/39","reference_id":"39","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://seclists.org/bugtraq/2019/Jun/39"},{"reference_url":"https://usn.ubuntu.com/4040-1/","reference_id":"4040-1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://usn.ubuntu.com/4040-1/"},{"reference_url":"https://usn.ubuntu.com/4040-2/","reference_id":"4040-2","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://usn.ubuntu.com/4040-2/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031","reference_id":"931031","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/","reference_id":"CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/"},{"reference_url":"https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes","reference_id":"Changes","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20843","reference_id":"CVE-2018-20843","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20843"},{"reference_url":"https://www.debian.org/security/2019/dsa-4472","reference_id":"dsa-4472","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://www.debian.org/security/2019/dsa-4472"},{"reference_url":"https://security.gentoo.org/glsa/201911-08","reference_id":"GLSA-201911-08","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://security.gentoo.org/glsa/201911-08"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/","reference_id":"IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/"},{"reference_url":"https://support.f5.com/csp/article/K51011533","reference_id":"K51011533","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://support.f5.com/csp/article/K51011533"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html","reference_id":"msg00028.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html","reference_id":"msg00039.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190703-0001/","reference_id":"ntap-20190703-0001","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190703-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3952","reference_id":"RHSA-2020:3952","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3952"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4484","reference_id":"RHSA-2020:4484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4846","reference_id":"RHSA-2020:4846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22871","reference_id":"RHSA-2025:22871","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22871"},{"reference_url":"https://www.tenable.com/security/tns-2021-11","reference_id":"tns-2021-11","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:37:31Z/"}],"url":"https://www.tenable.com/security/tns-2021-11"},{"reference_url":"https://usn.ubuntu.com/7199-1/","reference_id":"USN-7199-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7199-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4852-1/","reference_id":"USN-USN-4852-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4852-1/"},{"reference_url":"https://usn.ubuntu.com/USN-5455-1/","reference_id":"USN-USN-5455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5455-1/"}],"fixed_packages":[],"aliases":["CVE-2018-20843"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qh6t-bcd8-9qf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4138?format=json","vulnerability_id":"VCID-t9kh-3weu-qugs","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0196","reference_id":"","reference_type":"","scores":[{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92569","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.9256","published_at":"2026-06-07T12:55:00Z"},{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92556","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08584","scoring_system":"epss","scoring_elements":"0.92565","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695030","reference_id":"1695030","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1695030"},{"reference_url":"https://security.archlinux.org/ASA-201904-3","reference_id":"ASA-201904-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-3"},{"reference_url":"https://security.archlinux.org/AVG-946","reference_id":"AVG-946","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-946"},{"reference_url":"https://httpd.apache.org/security/json/CVE-2019-0196.json","reference_id":"CVE-2019-0196","reference_type":"","scores":[{"value":"low","scoring_system":"apache_httpd","scoring_elements":""}],"url":"https://httpd.apache.org/security/json/CVE-2019-0196.json"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2644","reference_id":"RHSA-2020:2644","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2644"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2646","reference_id":"RHSA-2020:2646","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2646"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4751","reference_id":"RHSA-2020:4751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4751"}],"fixed_packages":[],"aliases":["CVE-2019-0196"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t9kh-3weu-qugs"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/jbcs-httpd24-nghttp2@1.39.2-25.jbcs%3Farch=el6"}