ID

VAR-202103-0062


CVE

CVE-2019-19343


TITLE

plural  Red Hat  Resource depletion vulnerability in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-016231

DESCRIPTION

A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable. plural Red Hat Product Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. Red Hat Undertow is a Java-based embedded Web server of Red Hat (Red Hat), the default Web server of Wildfly (Java application server). The HttpOpenListener in Red Hat Undertow has a resource management error vulnerability, which stems from the fact that the remote connection will always remain connected. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Security Fix(es): * libquartz: XXE attacks via job description (CVE-2019-13990) * jetty: double release of resource can lead to information disclosure (CVE-2019-17638) * keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution (CVE-2020-1714) * springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application (CVE-2020-5398) * wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740) * camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution (CVE-2020-11972) * camel: Netty enables Java deserialization by default which could leed to remote code execution (CVE-2020-11973) * shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass (CVE-2020-11989) * camel: server-side template injection and arbitrary file disclosure on templating components (CVE-2020-11994) * postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692) * shiro: specially crafted HTTP request may cause an authentication bypass (CVE-2020-13933) * RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326) * jackson-modules-java8: DoS due to an Improper Input Validation (CVE-2018-1000873) * thrift: Endless loop when feed with specific input data (CVE-2019-0205) * thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210) * mysql-connector-java: privilege escalation in MySQL connector (CVE-2019-2692) * spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3773) * spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources (CVE-2019-3774) * codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities (CVE-2019-10202) * hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219) * org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library (CVE-2019-11777) * cxf: does not restrict the number of message attachments (CVE-2019-12406) * cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423) * hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * batik: SSRF via "xlink:href" (CVE-2019-17566) * Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely (CVE-2019-19343) * Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719) * apache-flink: JMX information disclosure vulnerability (CVE-2020-1960) * cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226) * tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers (CVE-2020-9489) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612) * camel: DNS Rebinding in JMX Connector could result in remote command execution (CVE-2020-11971) * karaf: A remote client could create MBeans from arbitrary URLs (CVE-2020-11980) * tika: excessive memory usage in PSDParser (CVE-2020-1950) * log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Installation instructions are available from the Fuse 7.8.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/ 4. Bugs fixed (https://bugzilla.redhat.com/): 1665601 - CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1670593 - CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1670597 - CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1703402 - CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector 1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution 1731271 - CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities 1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely 1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1799475 - CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application 1801149 - CVE-2019-13990 libquartz: XXE attacks via job description 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments 1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes 1822759 - CVE-2020-1950 tika: excessive memory usage in PSDParser 1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1848126 - CVE-2020-1960 apache-flink: JMX information disclosure vulnerability 1848433 - CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution 1848464 - CVE-2020-11972 camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution 1848465 - CVE-2020-11973 camel: Netty enables Java deserialization by default which could leed to remote code execution 1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" 1850042 - CVE-2020-9489 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers 1850069 - CVE-2020-11989 shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass 1850450 - CVE-2020-11980 karaf: A remote client could create MBeans from arbitrary URLs 1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML 1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating components 1855826 - CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS 1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure 1869860 - CVE-2020-13933 shiro: specially crafted HTTP request may cause an authentication bypass 1879743 - CVE-2019-11777 org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: EAP Continuous Delivery Technical Preview Release 18 security update Advisory ID: RHSA-2020:2565-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:2565 Issue date: 2020-06-15 CVE Names: CVE-2019-3805 CVE-2019-9511 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-14838 CVE-2019-19343 CVE-2020-11619 CVE-2020-11620 ==================================================================== 1. Summary: This is a security update for JBoss EAP Continuous Delivery 18.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Enterprise Application Platform CD18 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform CD18 includes bug fixes and enhancements. Security Fix(es): * jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619) * jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620) * wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805) * undertow: HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511) * undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * undertow: HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default (CVE-2019-14838) * undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely (CVE-2019-19343) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. You must restart the JBoss server process for the update to take effect. The References section of this erratum contains a download link (you must log in to download the update) 4. Bugs fixed (https://bugzilla.redhat.com/): 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1751227 - CVE-2019-14838 wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default 1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely 1826798 - CVE-2020-11620 jackson-databind: Serialization gadgets in commons-jelly:commons-jelly 1826805 - CVE-2020-11619 jackson-databind: Serialization gadgets in org.springframework:spring-aop 5. References: https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/cve/CVE-2019-9511 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-14838 https://access.redhat.com/security/cve/CVE-2019-19343 https://access.redhat.com/security/cve/CVE-2020-11619 https://access.redhat.com/security/cve/CVE-2020-11620 https://access.redhat.com/security/updates/classification/#important 6. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXueq39zjgjWX9erEAQiVvw//WMAI8AuJgNj6ocD8JJbETwuAlv3Qjc2n iZ29Nu4o7hQTR9GLyLu7f4Tcn9gzRfLUXFR4Ly0KknHTOluRcmYatf4pT1yM+1/Z MP3SyS/HScdxvoKybcz0LgzT6D5HpfkskB49QYEQNI4TnWz88fKpET/fQc/kDUGS mJ4EKGcZdYFzCHo2vuK28WCd1e612Dg2MSv7jfctJltwQQunJTsovKJdyFOaIUsV U8GdYj8TL3PlARInizUioB/UA7tReRhkg97jjzQBqQXHUfNnwr3kSMHAWrANnvGx m+1B+QLVdcT+22OvsXgdlksK4ceOleSFJ77kiIcuU9PSQ/FRArigDKrj5DQIUfjY yG7xOE0h9AlMeoQUhyWikG0ZyYJ+v+S85cquWPZZiWuXesht8XAlyYpba1sz+Tuj g/ASXhlUl9WRSAKIe6ijqNasi5vcs4kNnpcKJv4DZe+cJSLtU/QE9P7FUmXxJPuE 2MTonbkWRLtEAcOx6An0pJAQRGStqCCYd4hOP2KWcUgTe1rxbkidyq0ggo5LsRpT +03VNDjJqkTBwTVc1OPEqCZYu4aa+45NJNDPwwiuse1BW0vw41SCoRDHe7QiWNrn 27CK6VcWpjJKybVLzKxkIas6MUJISdp7KAES5NgrKo/R3V3ycZCd2RJP0Ib8oevO s+d7FrCZsfA=ZGb7 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.43

sources: NVD: CVE-2019-19343 // JVNDB: JVNDB-2019-016231 // CNVD: CNVD-2021-25685 // VULMON: CVE-2019-19343 // PACKETSTORM: 160562 // PACKETSTORM: 158095

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-25685

AFFECTED PRODUCTS

vendor:redhatmodel:undertowscope:ltversion:2.0.25

Trust: 1.0

vendor:redhatmodel:jboss enterprise application platformscope:ltversion:7.2.4

Trust: 1.0

vendor:netappmodel:active iq unified managerscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:jboss-remotingscope:eqversion:5.0.14

Trust: 1.0

vendor:redhatmodel:undertowscope:eqversion:2.0.25

Trust: 1.0

vendor:redhatmodel:jboss-remotingscope:ltversion:5.0.14

Trust: 1.0

vendor:レッドハットmodel:jboss enterprise application platformscope: - version: -

Trust: 0.8

vendor:レッドハットmodel:undertowscope:eqversion:2.0.25.sp1

Trust: 0.8

vendor:レッドハットmodel:jboss-remotingscope: - version: -

Trust: 0.8

vendor:redmodel:hat jboss remotingscope:lteversion:<=5.0.14

Trust: 0.6

vendor:redmodel:hat undertowscope:lteversion:<=2.0.25

Trust: 0.6

vendor:redmodel:hat jboss enterprise application platformscope:ltversion:7.2.4

Trust: 0.6

sources: CNVD: CNVD-2021-25685 // JVNDB: JVNDB-2019-016231 // NVD: CVE-2019-19343

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19343
value: HIGH

Trust: 1.0

NVD: CVE-2019-19343
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-25685
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202006-1060
value: HIGH

Trust: 0.6

VULMON: CVE-2019-19343
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-19343
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-25685
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-19343
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-19343
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-25685 // VULMON: CVE-2019-19343 // JVNDB: JVNDB-2019-016231 // CNNVD: CNNVD-202006-1060 // NVD: CVE-2019-19343

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.0

problemtype:CWE-404

Trust: 1.0

problemtype:Resource exhaustion (CWE-400) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2019-016231 // NVD: CVE-2019-19343

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 160562 // CNNVD: CNNVD-202006-1060

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202006-1060

PATCH

title:Bug 1780445url:https://bugzilla.redhat.com/show_bug.cgi?id=1780445

Trust: 0.8

title:Debian CVElist Bug Report Logs: undertow: CVE-2019-19343url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=dc1c048491658cc35a54fe584492512e

Trust: 0.1

title:Red Hat: Important: EAP Continuous Delivery Technical Preview Release 18 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202565 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Fuse 7.8.0 release and security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20205568 - Security Advisory

Trust: 0.1

sources: VULMON: CVE-2019-19343 // JVNDB: JVNDB-2019-016231

EXTERNAL IDS

db:NVDid:CVE-2019-19343

Trust: 3.3

db:PACKETSTORMid:158095

Trust: 1.3

db:AUSCERTid:ESB-2020.2071

Trust: 1.2

db:JVNDBid:JVNDB-2019-016231

Trust: 0.8

db:PACKETSTORMid:160562

Trust: 0.7

db:CNVDid:CNVD-2021-25685

Trust: 0.6

db:AUSCERTid:ESB-2020.4464

Trust: 0.6

db:CNNVDid:CNNVD-202006-1060

Trust: 0.6

db:VULMONid:CVE-2019-19343

Trust: 0.1

sources: CNVD: CNVD-2021-25685 // VULMON: CVE-2019-19343 // JVNDB: JVNDB-2019-016231 // PACKETSTORM: 160562 // PACKETSTORM: 158095 // CNNVD: CNNVD-202006-1060 // NVD: CVE-2019-19343

REFERENCES

url:https://bugzilla.redhat.com/show_bug.cgi?id=1780445

Trust: 1.7

url:https://issues.redhat.com/browse/jbeap-16695

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20220211-0002/

Trust: 1.6

url:https://www.auscert.org.au/bulletins/esb-2020.2071/

Trust: 1.2

url:https://packetstormsecurity.com/files/158095/red-hat-security-advisory-2020-2565-01.html

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-19343

Trust: 1.0

url:https://packetstormsecurity.com/files/160562/red-hat-security-advisory-2020-5568-01.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/undertow-memory-leak-via-httpopenlistener-34925

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4464/

Trust: 0.6

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-19343

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/400.html

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948024

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1719

Trust: 0.1

url:https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.8.0

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12406

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11972

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-2692

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9488

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1000873

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11989

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10740

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-13990

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11980

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11972

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1950

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12406

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11989

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0210

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11612

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11980

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1960

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0205

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-1393

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11971

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17566

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1000873

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7226

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10219

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9489

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14326

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13692

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14900

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0210

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10202

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-10683

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13990

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-13692

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10683

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11994

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10219

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-1714

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-5398

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11777

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14900

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-13933

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12423

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3774

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-10740

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11612

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17638

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12423

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17638

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-2692

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11994

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11971

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:5568

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3773

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0205

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11777

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9511

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9514

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9515

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11620

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9511

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9512

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9514

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9515

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11619

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:2565

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-11619

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-11620

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9512

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14838

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-3805

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-3805

Trust: 0.1

sources: CNVD: CNVD-2021-25685 // VULMON: CVE-2019-19343 // JVNDB: JVNDB-2019-016231 // PACKETSTORM: 160562 // PACKETSTORM: 158095 // CNNVD: CNNVD-202006-1060 // NVD: CVE-2019-19343

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 160562 // PACKETSTORM: 158095 // CNNVD: CNNVD-202006-1060

SOURCES

db:CNVDid:CNVD-2021-25685
db:VULMONid:CVE-2019-19343
db:JVNDBid:JVNDB-2019-016231
db:PACKETSTORMid:160562
db:PACKETSTORMid:158095
db:CNNVDid:CNNVD-202006-1060
db:NVDid:CVE-2019-19343

LAST UPDATE DATE

2024-08-14T12:22:03.513000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-25685date:2021-04-08T00:00:00
db:VULMONid:CVE-2019-19343date:2021-03-26T00:00:00
db:JVNDBid:JVNDB-2019-016231date:2021-12-01T03:23:00
db:CNNVDid:CNNVD-202006-1060date:2022-05-05T00:00:00
db:NVDid:CVE-2019-19343date:2022-05-03T13:05:02.290

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-25685date:2021-04-08T00:00:00
db:VULMONid:CVE-2019-19343date:2021-03-23T00:00:00
db:JVNDBid:JVNDB-2019-016231date:2021-12-01T00:00:00
db:PACKETSTORMid:160562date:2020-12-16T18:17:52
db:PACKETSTORMid:158095date:2020-06-16T00:54:44
db:CNNVDid:CNNVD-202006-1060date:2020-06-16T00:00:00
db:NVDid:CVE-2019-19343date:2021-03-23T21:15:13.417