Details of VAR-201912-1044

ID

VAR-201912-1044

CVE

CVE-2019-19956

TITLE

libxml2 Security hole

Trust: 0.6

sources: CNNVD: CNNVD-201912-1088

DESCRIPTION

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. Solution: For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape 5. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The compliance-operator image updates are now available for OpenShift Container Platform 4.6. This advisory provides the following updates among others: * Enhances profile parsing time. * Fixes excessive resource consumption from the Operator. * Fixes default content image. * Fixes outdated remediation handling. Solution: For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918990 - ComplianceSuite scans use quay content image for initContainer 1919135 - [OCP v46] The autoApplyRemediation pauses the machineConfigPool if there is outdated complianceRemediation object present 1919846 - After remediation applied, the compliancecheckresults still reports Failed status for some rules 1920999 - Compliance operator is not displayed when disconnected mode is selected in the OpenShift Web-Console. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values 5. Description: Red Hat OpenShift Do (odo) is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks. Solution: Download and install a new CLI binary by following the instructions linked from the References section. Bugs fixed (https://bugzilla.redhat.com/): 1832983 - Release of 1.1.3 odo-init-image 5. 8) - aarch64, ppc64le, s390x, x86_64 3. ========================================================================== Ubuntu Security Notice USN-4274-1 February 10, 2020 libxml2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in libxml2. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.10: libxml2 2.9.4+dfsg1-7ubuntu3.1 libxml2-utils 2.9.4+dfsg1-7ubuntu3.1 Ubuntu 18.04 LTS: libxml2 2.9.4+dfsg1-6.1ubuntu1.3 libxml2-utils 2.9.4+dfsg1-6.1ubuntu1.3 Ubuntu 16.04 LTS: libxml2 2.9.3+dfsg1-1ubuntu0.7 libxml2-utils 2.9.3+dfsg1-1ubuntu0.7 Ubuntu 14.04 ESM: libxml2 2.9.1+dfsg1-3ubuntu4.13+esm1 libxml2-utils 2.9.1+dfsg1-3ubuntu4.13+esm1 Ubuntu 12.04 ESM: libxml2 2.7.8.dfsg-5.1ubuntu4.22 libxml2-utils 2.7.8.dfsg-5.1ubuntu4.22 In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libxml2 security and bug fix update Advisory ID: RHSA-2020:3996-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3996 Issue date: 2020-09-29 CVE Names: CVE-2019-19956 CVE-2019-20388 CVE-2020-7595 ==================================================================== 1. Summary: An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The desktop must be restarted (log out, then log back in) for this update to take effect. 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libxml2-2.9.1-6.el7.5.src.rpm x86_64: libxml2-2.9.1-6.el7.5.i686.rpm libxml2-2.9.1-6.el7.5.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-python-2.9.1-6.el7.5.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-devel-2.9.1-6.el7.5.i686.rpm libxml2-devel-2.9.1-6.el7.5.x86_64.rpm libxml2-static-2.9.1-6.el7.5.i686.rpm libxml2-static-2.9.1-6.el7.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libxml2-2.9.1-6.el7.5.src.rpm x86_64: libxml2-2.9.1-6.el7.5.i686.rpm libxml2-2.9.1-6.el7.5.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-python-2.9.1-6.el7.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-devel-2.9.1-6.el7.5.i686.rpm libxml2-devel-2.9.1-6.el7.5.x86_64.rpm libxml2-static-2.9.1-6.el7.5.i686.rpm libxml2-static-2.9.1-6.el7.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libxml2-2.9.1-6.el7.5.src.rpm ppc64: libxml2-2.9.1-6.el7.5.ppc.rpm libxml2-2.9.1-6.el7.5.ppc64.rpm libxml2-debuginfo-2.9.1-6.el7.5.ppc.rpm libxml2-debuginfo-2.9.1-6.el7.5.ppc64.rpm libxml2-devel-2.9.1-6.el7.5.ppc.rpm libxml2-devel-2.9.1-6.el7.5.ppc64.rpm libxml2-python-2.9.1-6.el7.5.ppc64.rpm ppc64le: libxml2-2.9.1-6.el7.5.ppc64le.rpm libxml2-debuginfo-2.9.1-6.el7.5.ppc64le.rpm libxml2-devel-2.9.1-6.el7.5.ppc64le.rpm libxml2-python-2.9.1-6.el7.5.ppc64le.rpm s390x: libxml2-2.9.1-6.el7.5.s390.rpm libxml2-2.9.1-6.el7.5.s390x.rpm libxml2-debuginfo-2.9.1-6.el7.5.s390.rpm libxml2-debuginfo-2.9.1-6.el7.5.s390x.rpm libxml2-devel-2.9.1-6.el7.5.s390.rpm libxml2-devel-2.9.1-6.el7.5.s390x.rpm libxml2-python-2.9.1-6.el7.5.s390x.rpm x86_64: libxml2-2.9.1-6.el7.5.i686.rpm libxml2-2.9.1-6.el7.5.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-devel-2.9.1-6.el7.5.i686.rpm libxml2-devel-2.9.1-6.el7.5.x86_64.rpm libxml2-python-2.9.1-6.el7.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libxml2-debuginfo-2.9.1-6.el7.5.ppc.rpm libxml2-debuginfo-2.9.1-6.el7.5.ppc64.rpm libxml2-static-2.9.1-6.el7.5.ppc.rpm libxml2-static-2.9.1-6.el7.5.ppc64.rpm ppc64le: libxml2-debuginfo-2.9.1-6.el7.5.ppc64le.rpm libxml2-static-2.9.1-6.el7.5.ppc64le.rpm s390x: libxml2-debuginfo-2.9.1-6.el7.5.s390.rpm libxml2-debuginfo-2.9.1-6.el7.5.s390x.rpm libxml2-static-2.9.1-6.el7.5.s390.rpm libxml2-static-2.9.1-6.el7.5.s390x.rpm x86_64: libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-static-2.9.1-6.el7.5.i686.rpm libxml2-static-2.9.1-6.el7.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libxml2-2.9.1-6.el7.5.src.rpm x86_64: libxml2-2.9.1-6.el7.5.i686.rpm libxml2-2.9.1-6.el7.5.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-devel-2.9.1-6.el7.5.i686.rpm libxml2-devel-2.9.1-6.el7.5.x86_64.rpm libxml2-python-2.9.1-6.el7.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libxml2-debuginfo-2.9.1-6.el7.5.i686.rpm libxml2-debuginfo-2.9.1-6.el7.5.x86_64.rpm libxml2-static-2.9.1-6.el7.5.i686.rpm libxml2-static-2.9.1-6.el7.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-19956 https://access.redhat.com/security/cve/CVE-2019-20388 https://access.redhat.com/security/cve/CVE-2020-7595 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OgG9zjgjWX9erEAQg9vhAAiDkPkj6VlpMKDvgVUY4eU83p4bCnZqos e9kVjDMJrHdYR5iXXc665LOYBG0yyDGdvVLeqxjI9S11UDypRyzy641kwBY6eCru 0yaA88aZ4YpQyIARmmK7cIMFe6JRWHOkEsOfMCtjpbkGLteXdzfUFgJnlRFB0Dai OVrZH3kGb5EbKvJGcWY7cqv5jQhpy802a4EhpHQ1q6vFAbO7D1T6vJlCyP0+ba5N ZoMyrCFWaX5TUjiwFkuyAiSZYyPyxo0+dhqgJaSU44BH4p5imV7c1oh10U7/7k+O Y30M2uLOuArD1ad0t2d23EVr8mRKUr+agoLWC8Pwuq2worTArE/395GKXv2Yvtv9 YCvvCNFIcnG5GaJloqhXkTZM2pCr0+n90WLrNZ0suPArycHU74ROfBNErWegvq2e gpFLyu3S1mpjcBG19Gjg1qgh7FKg57s7PbNzcETK5ParBQeZ4dHHpcr9voP52tYD SJ9ILV9unM5jya5Uwooa6GOFGistLQLntZd22zDcPahu0FxvQlyZFV4oInF0m/7h e/h8NgSwyJKNenZATlsOGmjdcMh95Unztu4bfK8S20/Ej8F/B2PE4Kxha2s0bxsC b9fFKBOIdTCeFi2lTyrctEGQl9ksrW/Va6+uQwe5lKQldwhB3of9QolUu7ud+gdx COt/fBH012Y=udpL -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Solution: See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless_applications/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1874857 - CVE-2020-24553 golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time 1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time 1906381 - Release of OpenShift Serverless Serving 1.12.0 1906382 - Release of OpenShift Serverless Eventing 1.12.0 5

Trust: 1.89

sources: NVD: CVE-2019-19956 // VULMON: CVE-2019-19956 // PACKETSTORM: 160125 // PACKETSTORM: 161727 // PACKETSTORM: 161429 // PACKETSTORM: 162142 // PACKETSTORM: 161916 // PACKETSTORM: 159851 // PACKETSTORM: 156276 // PACKETSTORM: 159349 // PACKETSTORM: 160961 // PACKETSTORM: 159552

AFFECTED PRODUCTS

vendor:	netapp	model:	steelstore cloud integrated storage	scope:	eq	version:	-	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	30	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	netapp	model:	ontap select deploy administration utility	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	manageability software development kit	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	clustered data ontap	scope:	eq	version:	-	Trust: 1.0
vendor:	netapp	model:	clustered data ontap antivirus connector	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	19.10	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	oracle	model:	real user experience insight	scope:	eq	version:	13.3.1.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	xmlsoft	model:	libxml2	scope:	lt	version:	2.9.10	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	siemens	model:	sinema remote connect server	scope:	lt	version:	3.0	Trust: 1.0

sources: NVD: CVE-2019-19956

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-19956
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201912-1088
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-19956
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-19956
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1

nvd@nist.gov:	CVE-2019-19956
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULMON: CVE-2019-19956 // CNNVD: CNNVD-201912-1088 // NVD: CVE-2019-19956

PROBLEMTYPE DATA

problemtype:

CWE-401

Trust: 1.0

sources: NVD: CVE-2019-19956

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-1088

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-1088

PATCH

title:	libxml2 Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=106417	Trust: 0.6
title:	Red Hat: Moderate: libxml2 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204479 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: libxml2 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203996 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: libxml2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4274-1	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202646 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202644 - Security Advisory	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2020-1438	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1438	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1534	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1534	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=0d160980ab72db34060d62c89304b6f2	Trust: 0.1
title:	Red Hat: Moderate: Release of OpenShift Serverless 1.11.0	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205149 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204255 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204254 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Release of OpenShift Serverless 1.12.0	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210146 - Security Advisory	Trust: 0.1
title:	Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204264 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210190 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Red Hat Quay v3.3.3 bug fix and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210050 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20210436 - Security Advisory	Trust: 0.1
title:	IBM: Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3201548b0e11fd3ecd83fd36fc045a8e	Trust: 0.1
title:	Red Hat: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205605 - Security Advisory	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1
title:	-	url:	https://github.com/vincent-deng/veracode-container-security-finding-parser	Trust: 0.1

sources: VULMON: CVE-2019-19956 // CNNVD: CNNVD-201912-1088

EXTERNAL IDS

db:	NVD	id:	CVE-2019-19956	Trust: 2.7
db:	SIEMENS	id:	SSA-292794	Trust: 1.7
db:	ICS CERT	id:	ICSA-21-103-08	Trust: 1.7
db:	PACKETSTORM	id:	160125	Trust: 0.7
db:	PACKETSTORM	id:	161727	Trust: 0.7
db:	PACKETSTORM	id:	161429	Trust: 0.7
db:	PACKETSTORM	id:	162142	Trust: 0.7
db:	PACKETSTORM	id:	161916	Trust: 0.7
db:	PACKETSTORM	id:	159851	Trust: 0.7
db:	PACKETSTORM	id:	156276	Trust: 0.7
db:	PACKETSTORM	id:	159349	Trust: 0.7
db:	PACKETSTORM	id:	160961	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.0584	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.3732	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1207	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3535	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2604	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1744	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4513	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1242	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1727	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.4058	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1826	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2162	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3364	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0234	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3631	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2475	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0864	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0471	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0845	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0025	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3868	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0986	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3550	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0691	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4100	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3102	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0319	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1193	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0171	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0099	Trust: 0.6
db:	PACKETSTORM	id:	160889	Trust: 0.6
db:	PACKETSTORM	id:	159553	Trust: 0.6
db:	PACKETSTORM	id:	159661	Trust: 0.6
db:	PACKETSTORM	id:	162130	Trust: 0.6
db:	PACKETSTORM	id:	161536	Trust: 0.6
db:	PACKETSTORM	id:	158168	Trust: 0.6
db:	PACKETSTORM	id:	162694	Trust: 0.6
db:	CS-HELP	id:	SB2021041514	Trust: 0.6
db:	CS-HELP	id:	SB2021052216	Trust: 0.6
db:	CS-HELP	id:	SB2022072097	Trust: 0.6
db:	CS-HELP	id:	SB2021111735	Trust: 0.6
db:	CNNVD	id:	CNNVD-201912-1088	Trust: 0.6
db:	VULMON	id:	CVE-2019-19956	Trust: 0.1
db:	PACKETSTORM	id:	159552	Trust: 0.1

sources: VULMON: CVE-2019-19956 // PACKETSTORM: 160125 // PACKETSTORM: 161727 // PACKETSTORM: 161429 // PACKETSTORM: 162142 // PACKETSTORM: 161916 // PACKETSTORM: 159851 // PACKETSTORM: 156276 // PACKETSTORM: 159349 // PACKETSTORM: 160961 // PACKETSTORM: 159552 // CNNVD: CNNVD-201912-1088 // NVD: CVE-2019-19956

REFERENCES

url:	https://usn.ubuntu.com/4274-1/	Trust: 2.4
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08	Trust: 2.3
url:	https://gitlab.gnome.org/gnome/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20200114-0002/	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html	Trust: 1.7
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 1.6
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 1.5
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5r55zr52rmbx24tqtwhciwkjvrv6yawi/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jdpf3aavkuakdyfmfksiqsvvs3eefpqh/	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.9
url:	https://access.redhat.com/security/team/contact/	Trust: 0.9
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.9
url:	https://bugzilla.redhat.com/):	Trust: 0.9
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.7
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.7
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5r55zr52rmbx24tqtwhciwkjvrv6yawi/	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jdpf3aavkuakdyfmfksiqsvvs3eefpqh/	Trust: 0.6
url:	https://www.debian.org/lts/security/2019/dla-2048	Trust: 0.6
url:	https://packetstormsecurity.com/files/161536/red-hat-security-advisory-2020-5635-01.html	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6455281	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3535/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052216	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2162/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1727	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1207	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-libxml2-vulnerabilities-cve-2019-19956-cve-2019-20388-cve-2020-7595/	Trust: 0.6
url:	https://packetstormsecurity.com/files/161429/red-hat-security-advisory-2021-0436-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/161727/red-hat-security-advisory-2021-0778-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-4/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0171/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bladecenter-advanced-management-module-amm-is-affected-by-vulnerabilities-in-libxml2/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4100/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6520474	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0845	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0025/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0691	Trust: 0.6
url:	https://packetstormsecurity.com/files/162694/red-hat-security-advisory-2021-2021-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0099/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.4058	Trust: 0.6
url:	https://packetstormsecurity.com/files/160889/red-hat-security-advisory-2021-0050-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/160125/red-hat-security-advisory-2020-5149-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/160961/red-hat-security-advisory-2021-0146-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3868/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1744	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072097	Trust: 0.6
url:	https://packetstormsecurity.com/files/158168/red-hat-security-advisory-2020-2646-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021111735	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2475/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0319/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0471/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4513/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-network-security-is-affected-by-multiple-vulnerabilities-2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0234/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0584	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-6/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1193	Trust: 0.6
url:	https://vigilance.fr/vulnerability/libxml2-memory-leak-via-xmlparsebalancedchunkmemoryrecover-31236	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerabilities-in-libxml2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0864	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.3732	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0986	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creator-bomc-is-affected-by-vulnerabilities-in-libxml2/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159349/red-hat-security-advisory-2020-3996-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-6/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2604	Trust: 0.6
url:	https://packetstormsecurity.com/files/159851/red-hat-security-advisory-2020-4479-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/156276/ubuntu-security-notice-usn-4274-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1242	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041514	Trust: 0.6
url:	https://packetstormsecurity.com/files/159661/red-hat-security-advisory-2020-4264-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1826/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3102/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3550	Trust: 0.6
url:	https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-rackswitch-firmware-products-are-affected-by-vulnerabilities-in-libxml2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-5/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3631/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3364/	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-20907	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-8177	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20907	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-1971	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17006	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-12749	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-12401	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1971	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14866	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-17006	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-11719	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-17023	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17023	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12749	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-6829	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-14866	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-12403	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12400	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11756	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-11756	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-12243	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-12400	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-11727	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12243	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11719	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11727	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2019-17498	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17498	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-12402	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19906	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-13627	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-1730	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-6405	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-19906	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20387	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13050	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-13050	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-20387	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13627	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-14889	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-20218	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5018	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16168	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-13632	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-16168	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20218	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-10029	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-13630	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-1752	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-9327	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20454	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19221	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-19221	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-16935	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16935	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-13631	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-5018	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14889	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-14422	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-1751	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-20454	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12402	Trust: 0.3
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12401	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12403	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5188	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5094	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-5188	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-5094	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7595	Trust: 0.3
url:	https://access.redhat.com/errata/rhsa-2020:4479	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1752	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1730	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/openshift_container_platform/4.6/html/serverless_applications/index	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20916	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13631	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13632	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10029	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1551	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1751	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13630	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-1551	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20916	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-8492	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14422	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20228	Trust: 0.2
url:	https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20191	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20180	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-20178	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-24659	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-20386	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-28362	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20386	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2017-12652	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17546	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14973	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-17546	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12652	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-14973	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-5313	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/401.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:5149	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14040	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14040	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12723	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11023	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10878	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20253	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11023	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0778	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11022	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12723	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-5766	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10878	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5766	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20372	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11022	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10543	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-35678	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9925	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9802	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9895	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8625	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-15165	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14382	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8812	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3899	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11068	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8819	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3867	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8720	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9893	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8808	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18197	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3902	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-18197	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3900	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8743	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9805	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8820	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9807	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8769	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8710	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8813	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9850	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8710	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8811	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9803	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9862	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3885	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15503	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20807	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10018	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8835	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8764	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8844	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3865	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3864	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14391	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3862	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3901	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/updating/updating-cluster	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8823	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3895	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15165	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11793	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8720	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9894	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8816	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8771	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3897	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9806	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8814	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8743	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9915	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8815	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8625	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8783	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20807	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0436	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11068	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8766	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3868	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8846	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-3894	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-8782	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1079	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8625	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15999	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3156	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3447	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5313	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15999	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#low	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0949	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8177	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.4/cli_reference/openshift_developer_cli/installing-odo.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6829	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/	Trust: 0.1
url:	https://usn.ubuntu.com/4274-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-7ubuntu3.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libxml2/2.9.3+dfsg1-1ubuntu0.7	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/libxml2/2.9.4+dfsg1-6.1ubuntu1.3	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3996	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0146	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28362	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-24553	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24553	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-24659	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28366	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28366	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-28367	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-28367	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19126	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1240	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-18874	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12450	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4254	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14822	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14822	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-18874	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14365	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19126	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5482	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5482	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12450	Trust: 0.1

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 160125 // PACKETSTORM: 161727 // PACKETSTORM: 161429 // PACKETSTORM: 162142 // PACKETSTORM: 161916 // PACKETSTORM: 159851 // PACKETSTORM: 159349 // PACKETSTORM: 160961 // PACKETSTORM: 159552

SOURCES

db:	VULMON	id:	CVE-2019-19956
db:	PACKETSTORM	id:	160125
db:	PACKETSTORM	id:	161727
db:	PACKETSTORM	id:	161429
db:	PACKETSTORM	id:	162142
db:	PACKETSTORM	id:	161916
db:	PACKETSTORM	id:	159851
db:	PACKETSTORM	id:	156276
db:	PACKETSTORM	id:	159349
db:	PACKETSTORM	id:	160961
db:	PACKETSTORM	id:	159552
db:	CNNVD	id:	CNNVD-201912-1088
db:	NVD	id:	CVE-2019-19956

LAST UPDATE DATE

2025-03-19T22:34:32.611000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2019-19956	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-201912-1088	date:	2023-06-30T00:00:00
db:	NVD	id:	CVE-2019-19956	date:	2024-11-21T04:35:44.420

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2019-19956	date:	2019-12-24T00:00:00
db:	PACKETSTORM	id:	160125	date:	2020-11-18T20:48:43
db:	PACKETSTORM	id:	161727	date:	2021-03-09T16:25:11
db:	PACKETSTORM	id:	161429	date:	2021-02-16T15:44:48
db:	PACKETSTORM	id:	162142	date:	2021-04-09T15:06:13
db:	PACKETSTORM	id:	161916	date:	2021-03-22T15:36:55
db:	PACKETSTORM	id:	159851	date:	2020-11-04T15:29:08
db:	PACKETSTORM	id:	156276	date:	2020-02-10T15:35:17
db:	PACKETSTORM	id:	159349	date:	2020-09-30T15:43:22
db:	PACKETSTORM	id:	160961	date:	2021-01-15T15:06:55
db:	PACKETSTORM	id:	159552	date:	2020-10-14T16:52:12
db:	CNNVD	id:	CNNVD-201912-1088	date:	2019-12-24T00:00:00
db:	NVD	id:	CVE-2019-19956	date:	2019-12-24T16:15:11.450