VulnerableCode Vulnerability Details

Search for vulnerabilities

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json
epss	0.02173	https://api.first.org/data/v1/epss?cve=CVE-2019-9516
epss	0.02173	https://api.first.org/data/v1/epss?cve=CVE-2019-9516
epss	0.02173	https://api.first.org/data/v1/epss?cve=CVE-2019-9516
epss	0.02173	https://api.first.org/data/v1/epss?cve=CVE-2019-9516
epss	0.02173	https://api.first.org/data/v1/epss?cve=CVE-2019-9516
epss	0.02173	https://api.first.org/data/v1/epss?cve=CVE-2019-9516
epss	0.02173	https://api.first.org/data/v1/epss?cve=CVE-2019-9516
epss	0.02173	https://api.first.org/data/v1/epss?cve=CVE-2019-9516
epss	0.02173	https://api.first.org/data/v1/epss?cve=CVE-2019-9516
cvssv3	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual	low	https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html
archlinux	Medium	https://security.archlinux.org/AVG-1022
archlinux	Medium	https://security.archlinux.org/AVG-1023

System

Score

Found at

cvssv3

6.5

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json

epss

0.02173

https://api.first.org/data/v1/epss?cve=CVE-2019-9516

epss

0.02173

https://api.first.org/data/v1/epss?cve=CVE-2019-9516

epss

0.02173

https://api.first.org/data/v1/epss?cve=CVE-2019-9516

epss

0.02173

https://api.first.org/data/v1/epss?cve=CVE-2019-9516

epss

0.02173

https://api.first.org/data/v1/epss?cve=CVE-2019-9516

epss

0.02173

https://api.first.org/data/v1/epss?cve=CVE-2019-9516

epss

0.02173

https://api.first.org/data/v1/epss?cve=CVE-2019-9516

epss

0.02173

https://api.first.org/data/v1/epss?cve=CVE-2019-9516

epss

0.02173

https://api.first.org/data/v1/epss?cve=CVE-2019-9516

cvssv3

7.5

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

generic_textual

low

https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html

archlinux

Medium

https://security.archlinux.org/AVG-1022

archlinux

Medium

https://security.archlinux.org/AVG-1023

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-9516
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html
1741864		https://bugzilla.redhat.com/show_bug.cgi?id=1741864
935037		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037
ASA-201908-12		https://security.archlinux.org/ASA-201908-12
ASA-201908-13		https://security.archlinux.org/ASA-201908-13
AVG-1022		https://security.archlinux.org/AVG-1022
AVG-1023		https://security.archlinux.org/AVG-1023
CVE-2019-9516		https://nvd.nist.gov/vuln/detail/CVE-2019-9516
RHSA-2019:2745		https://access.redhat.com/errata/RHSA-2019:2745
RHSA-2019:2746		https://access.redhat.com/errata/RHSA-2019:2746
RHSA-2019:2775		https://access.redhat.com/errata/RHSA-2019:2775
RHSA-2019:2799		https://access.redhat.com/errata/RHSA-2019:2799
RHSA-2019:2946		https://access.redhat.com/errata/RHSA-2019:2946
RHSA-2019:2950		https://access.redhat.com/errata/RHSA-2019:2950
RHSA-2019:3932		https://access.redhat.com/errata/RHSA-2019:3932
RHSA-2019:3933		https://access.redhat.com/errata/RHSA-2019:3933
RHSA-2019:3935		https://access.redhat.com/errata/RHSA-2019:3935
RHSA-2020:0922		https://access.redhat.com/errata/RHSA-2020:0922
RHSA-2020:0983		https://access.redhat.com/errata/RHSA-2020:0983
RHSA-2020:1445		https://access.redhat.com/errata/RHSA-2020:1445
USN-4099-1		https://usn.ubuntu.com/4099-1/

Reference id

Reference type

URL

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json

https://api.first.org/data/v1/epss?cve=CVE-2019-9516

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html

1741864

https://bugzilla.redhat.com/show_bug.cgi?id=1741864

935037

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037

ASA-201908-12

https://security.archlinux.org/ASA-201908-12

ASA-201908-13

https://security.archlinux.org/ASA-201908-13

AVG-1022

https://security.archlinux.org/AVG-1022

AVG-1023

https://security.archlinux.org/AVG-1023

CVE-2019-9516

https://nvd.nist.gov/vuln/detail/CVE-2019-9516

RHSA-2019:2745

https://access.redhat.com/errata/RHSA-2019:2745

RHSA-2019:2746

https://access.redhat.com/errata/RHSA-2019:2746

RHSA-2019:2775

https://access.redhat.com/errata/RHSA-2019:2775

RHSA-2019:2799

https://access.redhat.com/errata/RHSA-2019:2799

RHSA-2019:2946

https://access.redhat.com/errata/RHSA-2019:2946

RHSA-2019:2950

https://access.redhat.com/errata/RHSA-2019:2950

RHSA-2019:3932

https://access.redhat.com/errata/RHSA-2019:3932

RHSA-2019:3933

https://access.redhat.com/errata/RHSA-2019:3933

RHSA-2019:3935

https://access.redhat.com/errata/RHSA-2019:3935

RHSA-2020:0922

https://access.redhat.com/errata/RHSA-2020:0922

RHSA-2020:0983

https://access.redhat.com/errata/RHSA-2020:0983

RHSA-2020:1445

https://access.redhat.com/errata/RHSA-2020:1445

USN-4099-1

https://usn.ubuntu.com/4099-1/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:31:46.668669+00:00	Nginx Importer	Import	https://nginx.org/en/security_advisories.html	38.0.0

2026-04-01T12:31:46.668669+00:00

Nginx Importer

Import

https://nginx.org/en/security_advisories.html

38.0.0

Vulnerability ID	VCID-kcsp-h1s5-wbea
Aliases	CVE-2019-9516
Summary	Excessive memory usage in HTTP/2 with zero length headers
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Percentile	0.8426
EPSS Score	0.02173
Published At	April 1, 2026, 12:55 p.m.